I have implemented an XPCOM component in JavaScript with the nsISecurityCheckedComponent interface. It is added to the category manager as a "Javascript global property". I can access it (or fail to access it) from a web page by returning "AllAccess" or "NoAccess" from the nsISecurity* methods. So far, so good.
The problem is that AllAccess or NoAccess needs to be determined by the URL of the calling web page -- the component is part of an extension that can be installed from my web site, and it should only trust script from my web site. I cannot call getSubjectPrincipal() on the scriptsecuritymanager from JavaScript (why not?). Components.stack.caller is always "native frame :: <unknown filename> :: <TOP_LEVEL> :: line 0" within my component.

How can I determine the URL of the JavaScript code that is calling my component? Is there any way to use SameOrigin security and somehow define the component's origin to be the same as my web site?

Thanks!

_______________________________________________
dev-tech-xpcom mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-xpcom
