subject:"\[webkit\-dev\] Allowing webkit clients to extend XHR security policy"

Re: [webkit-dev] Allowing webkit clients to extend XHR security policy

2009-04-13 Thread Aaron Boodman

Ok, just to close the loop here, it looks like the preference is to do the refactor of permission checking from XHR to DocumentThreadableLoader, and then put the methods I proposed for SecurityOriginClient on FrameLoaderClient instead. I'm not sure who will get to the refactor first -- David, Alex

Re: [webkit-dev] Allowing webkit clients to extend XHR security policy

2009-04-12 Thread Alexey Proskuryakov

Yes, making changes as discussed in bugzilla, plus removing registerURLSchemeAsLocal would be a fine direction. - WBR, Alexey Proskuryakov On 12.04.2009, at 22:58, Aaron Boodman wrote: It sounds to me like our current patch is the best fit because it fits our needs, will work with Chromiu

Re: [webkit-dev] Allowing webkit clients to extend XHR security policy

2009-04-12 Thread Aaron Boodman

It sounds to me like our current patch is the best fit because it fits our needs, will work with Chromium's out-of-process workers, plus it allows us to remove FrameLoader::registerURLSchemeAsLocal() as Alexey requested. It has the downside that the client will get called on multiple threads, but t

Re: [webkit-dev] Allowing webkit clients to extend XHR security policy

2009-04-10 Thread Aaron Boodman

On Thu, Apr 9, 2009 at 9:50 PM, David Levin wrote: > > On Thu, Apr 9, 2009 at 9:03 PM, Alexey Proskuryakov wrote: >> >> On 09.04.2009, at 22:38, Aaron Boodman wrote: >> >>> The local scheme feature is actually more powerful than just XHR >> >> If you only need extensions to do XHR, why not just m

Re: [webkit-dev] Allowing webkit clients to extend XHR security policy

2009-04-09 Thread David Levin

On Thu, Apr 9, 2009 at 9:03 PM, Alexey Proskuryakov wrote: > > On 09.04.2009, at 22:38, Aaron Boodman wrote: > > The local scheme feature is actually more powerful than just XHR >> > > > If you only need extensions to do XHR, why not just make them use > cross-origin XHR? That way, the extension

Re: [webkit-dev] Allowing webkit clients to extend XHR security policy

2009-04-09 Thread Alexey Proskuryakov

On 09.04.2009, at 22:38, Aaron Boodman wrote: The local scheme feature is actually more powerful than just XHR If you only need extensions to do XHR, why not just make them use cross-origin XHR? That way, the extension won't even need to declare the origins it's going to access - all che

Re: [webkit-dev] Allowing webkit clients to extend XHR security policy

2009-04-09 Thread Aaron Boodman

Adding back webkit-dev... On Thu, Apr 9, 2009 at 11:36 AM, Aaron Boodman wrote: > Ok, so if I may sum up the conversation so far: > > * A static call out to a client is ugly, but OK as a temporary measure > * You would like to see this mechanism replace the "local scheme" > thing that already exi

Re: [webkit-dev] Allowing webkit clients to extend XHR security policy

2009-04-09 Thread Alexey Proskuryakov

On 09.04.2009, at 11:38, Aaron Boodman wrote: Chromium extensions run in the same scheme (chrome-extension://), but they do not run in the same origin. They all have unique origins of the form chrome-extension:///. Security origin is scheme + host + port. OK, I didn't know that the scheme was

Re: [webkit-dev] Allowing webkit clients to extend XHR security policy

2009-04-09 Thread David Levin

I have some relevant context that I'll add. On Thu, Apr 9, 2009 at 12:38 AM, Aaron Boodman wrote: > On Wed, Apr 8, 2009 at 11:53 PM, Alexey Proskuryakov > wrote: > > > > On 09.04.2009, at 1:23, Aaron Boodman wrote: > > > >> Rafael Weinstein, who is working with me, consulted with Adam Barth > >>

Re: [webkit-dev] Allowing webkit clients to extend XHR security policy

2009-04-09 Thread Aaron Boodman

On Wed, Apr 8, 2009 at 11:53 PM, Alexey Proskuryakov wrote: > > On 09.04.2009, at 1:23, Aaron Boodman wrote: > >> Rafael Weinstein, who is working with me, consulted with Adam Barth >> and submitted a patch based on his ideas >> for this a few weeks

Re: [webkit-dev] Allowing webkit clients to extend XHR security policy

2009-04-08 Thread Alexey Proskuryakov

On 09.04.2009, at 1:23, Aaron Boodman wrote: Rafael Weinstein, who is working with me, consulted with Adam Barth and submitted a patch based on his ideas for this a few weeks back. It has met with resistance though, and we're not really sure where

[webkit-dev] Allowing webkit clients to extend XHR security policy

2009-04-08 Thread Aaron Boodman

Hello all, I'm working on adding extensions (aka "Add-Ons") to Chromium. One thing we want to enable these extensions to do is to make limited cross-origin XMLHttpRequests. Rafael Weinstein, who is working with me, consulted with Adam Barth and submitted a patch based on his ideas

Re: [webkit-dev] Allowing webkit clients to extend XHR security policy

Re: [webkit-dev] Allowing webkit clients to extend XHR security policy

Re: [webkit-dev] Allowing webkit clients to extend XHR security policy

Re: [webkit-dev] Allowing webkit clients to extend XHR security policy

Re: [webkit-dev] Allowing webkit clients to extend XHR security policy

Re: [webkit-dev] Allowing webkit clients to extend XHR security policy

Re: [webkit-dev] Allowing webkit clients to extend XHR security policy

Re: [webkit-dev] Allowing webkit clients to extend XHR security policy

Re: [webkit-dev] Allowing webkit clients to extend XHR security policy

Re: [webkit-dev] Allowing webkit clients to extend XHR security policy

Re: [webkit-dev] Allowing webkit clients to extend XHR security policy

[webkit-dev] Allowing webkit clients to extend XHR security policy

12 matches

Site Navigation

Mail list logo

Footer information