On 25.06.2010 17:54, Dan Wood wrote:
I think it's time to ask Apple to (1) document this somehow, and (2) expose a
the private API for making it possible for developers to white-list or turn off
the restriction where needed.
Anyhow, I traced the WebCore method you suggested up to this private WebView
API:
@interface WebView (WebViewPrivate)
// Whitelists access from an origin (sourceOrigin) to a set of one or more
origins described by the parameters:
// - destinationProtocol: The protocol to grant access to.
// - destinationHost: The host to grant access to.
// - allowDestinationSubdomains: If host is a domain, setting this to YES will
whitelist host and all its subdomains, recursively.
+ (void)_addOriginAccessWhitelistEntryWithSourceOrigin:(NSString *)sourceOrigin
destinationProtocol:(NSString *)destinationProtocol destinationHost:(NSString
*)destinationHost allowDestinationSubdomains:(BOOL)allowDestinationSubdomains;
@end
I tried using it like this. I'm not really clear on what I should be putting
as the parameters. I gave it my best guess but no dice.
[WebView _addOriginAccessWhitelistEntryWithSourceOrigin:@"localhost"
destinationProtocol:@"file" destinationHost:@"localhost" allowDestinationSubdomains:NO];
Any advice from those in the know?
I recall you need to pass full url of your main resource in first
parameter, and destinationHost: is ignored for "file" protocol, so this
way you whitelist all "file://" urls at once (may be dangerous!).
Not sure how this will work for main resource loaded through HTML
string, though. You might need to consult the source code. It's
located here, if you brave: WebCore/page/SecurityOrigin.cpp
--
Alex
_______________________________________________
webkit-help mailing list
webkit-help@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-help
