[webkit-gtk] Exposing enable-web-security through WebKitSettings? (for test harnesses)

Tue, 18 Mar 2014 08:10:02 -0700 

Hi all,

Today I was trying to run the CSS 2.1 suite with MiniBrowser, as described in 
[1], but could not do it because the test suite would not run due to the 
following error observed in the JS console:

"No 'Access-Control-Allow-Origin' header is present on the requested resource. 
Origin 'null' is therefore not allowed access."

That is basically the "same-origin" policy working, which gets honoured 
internally if the WebSecurityEnabled property is set to true (which is like 
that by default). Actually, doing a quick check with chromium led to a similar 
result (test suite not running), but in that case it was easy to overcome the 
problem since chromium provides a --disable-web-security command line switch 
that you can use to disable the "same-origin" policy (see [2]).

So, because I'm pretty much interested in running that test suite in WebKit 
too, I just did some small changes to expose this setting too in WebKit2GTK (I 
use a "enable-web-security" property) and I was wondering if there would be 
interest in upstreaming this as part of the WebKitSettings API.

Honestly, I'm not sure how useful exposing this feature would be or how many 
use cases would benefit of it, but I know of one which is the one I found (test 
harnesses), which seems to be the primary reason for this setting to exist, as 
I can red from Document.cpp:

 [...]
 if (Settings* settings = this->settings()) {
     if (!settings->webSecurityEnabled()) {
         // Web security is turned off. We should let this document access 
every other document. This is used primary by testing
         // harnesses for web sites.
         securityOrigin()->grantUniversalAccess();
     } else if (securityOrigin()->isLocal()) {
         [...]
     }
     [...]
 } 

So, what do you think? I have the patch almost ready (documentation not added 
yet) in a local branch so I was thinking of filing a bug and attaching it for 
review unless someone thinks this is not a good idea.

Thanks,
Mario

[1] http://trac.webkit.org/wiki/CSS21Results
[2] http://peter.sh/experiments/chromium-command-line-switches

_______________________________________________
webkit-gtk mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-gtk

Reply via email to