WebCore: https://bugs.webkit.org/show_bug.cgi?id=24853: Provide a way for WebKit...
authorlevin@chromium.org <levin@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 20 Aug 2009 06:28:48 +0000 (06:28 +0000)
committerlevin@chromium.org <levin@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 20 Aug 2009 06:28:48 +0000 (06:28 +0000)
commit2374dcd12889b87ab87b61dbf8b2ecfb1c84c737
tree810a592ef07913eb8796eac6cb8bc25a555b06e6
parentcd551197e6834d311479aafc88a9d553938cbef4
WebCore: https://bugs.webkit.org/show_bug.cgi?id=24853: Provide a way for WebKit clients to
specify a more granular policy for cross-origin XHR access.

Patch by Aaron Boodman <aa@chromium.org> on 2009-08-19
Reviewed by David Levin.

Tests: http/tests/xmlhttprequest/origin-whitelisting-all.html
       http/tests/xmlhttprequest/origin-whitelisting-exact-match.html
       http/tests/xmlhttprequest/origin-whitelisting-https.html
       http/tests/xmlhttprequest/origin-whitelisting-ip-addresses-with-subdomains.html
       http/tests/xmlhttprequest/origin-whitelisting-ip-addresses.html
       http/tests/xmlhttprequest/origin-whitelisting-subdomains.html

* WebCore.base.exp: Export methods to manipulate origin access whitelists to enable
testing via layout tests.

* WebCore.xcodeproj/project.pbxproj: Add OriginAccessEntry.*
* GNUmakefile.am: Ditto.
* WebCore.gypi: Ditto.
* WebCore.pro: Ditto.
* WebCore.vcproj/WebCore.vcproj: Ditto.
* WebCoreSources.blk: Ditto.

* page/SecurityOrigin.h: Implement origin access whitelists.
(WebCore::originAccessMap): Static getter for access whitelists.
(WebCore::SecurityOrigin::canRequest): Modify request checking logic to check whitelists.
(WebCore::SecurityOrigin::whiteListAccessFromOrigin): Add an entry to a whitelist.
(WebCore::SecurityOrigin::resetOriginAccessWhiteLists): Clear all the whitelists.

* page/OriginAccessEntry.h: Added. An entry in an origin access whitelist.
* page/OriginAccessEntry.cpp: Ditto.

WebKit/gtk: https://bugs.webkit.org/show_bug.cgi?id=24853: Provide a way for WebKit clients to
specify a more granular policy for cross-origin XHR access.

Patch by Aaron Boodman <aa@chromium.org> on 2009-08-19
Reviewed by David Levin.

* webkit/webkitprivate.cpp:
(webkit_white_list_access_to_origin): Add API to manipulate origin access whitelists.
(webkit_reset_origin_access_white_lists): Ditto.
* webkit/webkitprivate.h: Ditto.

WebKit/mac: https://bugs.webkit.org/show_bug.cgi?id=24853: Provide a way for WebKit clients to
specify a more granular policy for cross-origin XHR access.

Patch by Aaron Boodman <aa@chromium.org> on 2009-08-19
Reviewed by David Levin.

* WebView/WebView.mm: Add SPI to manipulate origin access whitelists.
(+[WebView _whiteListAccessFromOrigin:destinationProtocol:destinationHost:allowDestinationSubdomains:]): Ditto.
(+[WebView _resetOriginAccessWhiteLists]): Ditto.
* WebView/WebViewPrivate.h: Ditto.

WebKit/qt: https://bugs.webkit.org/show_bug.cgi?id=24853: Provide a way for WebKit clients to
specify a more granular policy for cross-origin XHR access.

Patch by Aaron Boodman <aa@chromium.org> on 2009-08-19
Reviewed by David Levin.

* Api/qwebsecurityorigin.cpp: Add API to manipulate origin access whitelists.
(QWebSecurityOrigin::whiteListAccessFromOrigin): Ditto.
(QWebSecurityOrigin::resetOriginAccessWhiteLists): Ditto.
* Api/qwebsecurityorigin.h: Ditto.

WebKitTools: https://bugs.webkit.org/show_bug.cgi?id=24853: Provide a way for WebKit clients to
specify a more granular policy for cross-origin XHR access.

Patch by Aaron Boodman <aa@chromium.org> on 2009-08-19
Reviewed by David Levin.

* DumpRenderTree/LayoutTestController.cpp: Expose whiteListAccessFromOrigin() to layout tests.
(whiteListAccessFromOriginCallback): Ditto.
(LayoutTestController::staticFunctions): Ditto.
* DumpRenderTree/LayoutTestController.h: Ditto.
* DumpRenderTree/gtk/LayoutTestControllerGtk.cpp: Ditto.
(LayoutTestController::whiteListAccessToOrigin): Ditto.
* DumpRenderTree/mac/LayoutTestControllerMac.mm: Ditto.
(LayoutTestController::whiteListAccessFromOrigin): Ditto.
* DumpRenderTree/qt/jsobjects.cpp: Ditto.
(LayoutTestController::whiteListAccessFromOrigin): Ditto.
* DumpRenderTree/win/LayoutTestControllerWin.cpp: Stub out whiteListAccessFromOrigin().
(LayoutTestController::whiteListAccessFromOrigin): Ditto.
* DumpRenderTree/gtk/DumpRenderTree.cpp: Reset origin access lists before each test.
(resetWebViewToConsistentStateBeforeTesting): Ditto.
* DumpRenderTree/mac/DumpRenderTree.mm: Ditto.
(resetWebViewToConsistentStateBeforeTesting): Ditto.
* DumpRenderTree/qt/DumpRenderTree.cpp: Ditto.
(WebCore::DumpRenderTree::resetToConsistentStateBeforeTesting): Ditto.

LayoutTests: https://bugs.webkit.org/show_bug.cgi?id=24853: Provide a way for WebKit clients to
specify a more granular policy for cross-origin XHR access.

Patch by Aaron Boodman <aa@chromium.org> on 2009-08-19
Reviewed by David Levin.

* http/tests/xmlhttprequest/origin-whitelisting-all-expected.txt: Added.
* http/tests/xmlhttprequest/origin-whitelisting-all.html: Added.
* http/tests/xmlhttprequest/origin-whitelisting-exact-match-expected.txt: Added.
* http/tests/xmlhttprequest/origin-whitelisting-exact-match.html: Added.
* http/tests/xmlhttprequest/origin-whitelisting-https-expected.txt: Added.
* http/tests/xmlhttprequest/origin-whitelisting-https.html: Added.
* http/tests/xmlhttprequest/origin-whitelisting-ip-addresses-expected.txt: Added.
* http/tests/xmlhttprequest/origin-whitelisting-ip-addresses-with-subdomains-expected.txt: Added.
* http/tests/xmlhttprequest/origin-whitelisting-ip-addresses-with-subdomains.html: Added.
* http/tests/xmlhttprequest/origin-whitelisting-ip-addresses.html: Added.
* http/tests/xmlhttprequest/origin-whitelisting-subdomains-expected.txt: Added.
* http/tests/xmlhttprequest/origin-whitelisting-subdomains.html: Added.
* http/tests/xmlhttprequest/resources/origin-whitelisting-ip-address-test.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@47548 268f45cc-cd09-0410-ab3c-d52691b4dbfc
46 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/xmlhttprequest/origin-whitelisting-all-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/xmlhttprequest/origin-whitelisting-all.html [new file with mode: 0644]
LayoutTests/http/tests/xmlhttprequest/origin-whitelisting-exact-match-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/xmlhttprequest/origin-whitelisting-exact-match.html [new file with mode: 0644]
LayoutTests/http/tests/xmlhttprequest/origin-whitelisting-https-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/xmlhttprequest/origin-whitelisting-https.html [new file with mode: 0644]
LayoutTests/http/tests/xmlhttprequest/origin-whitelisting-ip-addresses-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/xmlhttprequest/origin-whitelisting-ip-addresses-with-subdomains-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/xmlhttprequest/origin-whitelisting-ip-addresses-with-subdomains.html [new file with mode: 0644]
LayoutTests/http/tests/xmlhttprequest/origin-whitelisting-ip-addresses.html [new file with mode: 0644]
LayoutTests/http/tests/xmlhttprequest/origin-whitelisting-subdomains-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/xmlhttprequest/origin-whitelisting-subdomains.html [new file with mode: 0644]
LayoutTests/http/tests/xmlhttprequest/resources/origin-whitelisting-ip-address-test.html [new file with mode: 0644]
LayoutTests/platform/win/Skipped
WebCore/ChangeLog
WebCore/GNUmakefile.am
WebCore/WebCore.base.exp
WebCore/WebCore.gypi
WebCore/WebCore.pro
WebCore/WebCore.vcproj/WebCore.vcproj
WebCore/WebCore.xcodeproj/project.pbxproj
WebCore/WebCoreSources.bkl
WebCore/page/OriginAccessEntry.cpp [new file with mode: 0644]
WebCore/page/OriginAccessEntry.h [new file with mode: 0644]
WebCore/page/SecurityOrigin.cpp
WebCore/page/SecurityOrigin.h
WebKit/gtk/ChangeLog
WebKit/gtk/webkit/webkitprivate.cpp
WebKit/gtk/webkit/webkitprivate.h
WebKit/mac/ChangeLog
WebKit/mac/WebView/WebView.mm
WebKit/mac/WebView/WebViewPrivate.h
WebKit/qt/Api/qwebsecurityorigin.cpp
WebKit/qt/Api/qwebsecurityorigin.h
WebKit/qt/ChangeLog
WebKitTools/ChangeLog
WebKitTools/DumpRenderTree/LayoutTestController.cpp
WebKitTools/DumpRenderTree/LayoutTestController.h
WebKitTools/DumpRenderTree/gtk/DumpRenderTree.cpp
WebKitTools/DumpRenderTree/gtk/LayoutTestControllerGtk.cpp
WebKitTools/DumpRenderTree/mac/DumpRenderTree.mm
WebKitTools/DumpRenderTree/mac/LayoutTestControllerMac.mm
WebKitTools/DumpRenderTree/qt/DumpRenderTree.cpp
WebKitTools/DumpRenderTree/qt/jsobjects.cpp
WebKitTools/DumpRenderTree/win/LayoutTestControllerWin.cpp