Local file restrictions should not block sessionStorage access.
authorbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 10 Nov 2016 18:54:37 +0000 (18:54 +0000)
committerbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 10 Nov 2016 18:54:37 +0000 (18:54 +0000)
https://bugs.webkit.org/show_bug.cgi?id=155609
<rdar://problem/25229461>

Reviewed by Andy Estes.

Re-landing this fix that was lost when the localStorage change was rolled out.

Use of 'sessionStorage' is governed by SecurityOrigin with third party access
set to 'ShouldAllowFromThirdParty::AlwaysAllowFromThirdParty'. We should not
reject local files for this combination of arguments.

Tested by storage/domstorage/sessionstorage/blocked-file-access.html.

* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::canAccessStorage): For the case of sessionStorage,
allow local file access.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@208550 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/page/SecurityOrigin.cpp

index d51e06c..5e51ee7 100644 (file)
@@ -1,3 +1,23 @@
+2016-11-10  Brent Fulgham  <bfulgham@apple.com>
+
+        Local file restrictions should not block sessionStorage access.
+        https://bugs.webkit.org/show_bug.cgi?id=155609
+        <rdar://problem/25229461> 
+
+        Reviewed by Andy Estes.
+
+        Re-landing this fix that was lost when the localStorage change was rolled out.
+
+        Use of 'sessionStorage' is governed by SecurityOrigin with third party access
+        set to 'ShouldAllowFromThirdParty::AlwaysAllowFromThirdParty'. We should not
+        reject local files for this combination of arguments.
+
+        Tested by storage/domstorage/sessionstorage/blocked-file-access.html.
+
+        * page/SecurityOrigin.cpp:
+        (WebCore::SecurityOrigin::canAccessStorage): For the case of sessionStorage,
+        allow local file access.
+
 2016-11-10  Daniel Bates  <dabates@apple.com>
 
         REGRESSION (r195004): Scripts and plugins blocked for subsequent loads in same WebContent
index a939e2b..c82d13e 100644 (file)
@@ -328,7 +328,7 @@ bool SecurityOrigin::canAccessStorage(const SecurityOrigin* topOrigin, ShouldAll
     if (isUnique())
         return false;
 
-    if (isLocal() && !needsStorageAccessFromFileURLsQuirk() && !m_universalAccess)
+    if (isLocal() && !needsStorageAccessFromFileURLsQuirk() && !m_universalAccess && shouldAllowFromThirdParty != AlwaysAllowFromThirdParty)
         return false;
     
     if (m_storageBlockingPolicy == BlockAllStorage)