Hi Jocelyn,
Thanks for the response! :-) Yes, even I feel that these API's can be implemented as static functions and I would like to submit a patch for this. But it can be done in QWebSecurityOrigin (as you suggested) or be implemented in a new class "QWebSecurityPolicy" (to maintain the coherence between classes in QtWebkit and WebCore) ? Please let me know your opinion. I checked the bug you mentioned: https://bugs.webkit.org/show_bug.cgi?id=31875 (Impossible to make XMLHttpRequest from locally stored HTML page) So this patch can be submiited under the existing bug report itself correct ? Regards, Deepjyoti Saha -----Original Message----- From: Jocelyn Turcotte [mailto:jocelyn.turco...@digia.com] Sent: Wednesday, March 20, 2013 10:17 PM To: Saha, Deepjyoti Cc: webkit-qt@lists.webkit.org Subject: Re: [webkit-qt] Interfaces to whitelist origins in QtWebkit API (your thoughts please!) On Wed, Mar 20, 2013 at 05:06:01PM +0100, Jocelyn Turcotte wrote: > Hello, > > On Fri, Mar 15, 2013 at 10:40:35AM +0000, Saha, Deepjyoti wrote: > > The QtWebkit API set in Qt 4.8 does not contain any intefraces which could > > allow a QtWebkit based browser to add/remove specific domains to be > > whitelisted for cross origin requests. I understand that previosly these > > API's were exposed through the intefraces in "QWebSecurityOrigin" which > > invoked the API's in WebCore's SecurityOrigin class. But currently the > > API's to add/remove a whitelist entry are exposed through WebCore's > > SecurityPolicy class and there are no interfaces in QtWebkit API to invoke > > the same. > > > > I aslo noticed there was a bug raised and it was discussed in the following > > thread: > > https://bugreports.qt-project.org/browse/QTWEBKIT-24?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel > > > > But it has not been implemented yet. It would be great if you could let me > > could know of any particluar reason this was not taken up ? > > To be specific were there any concerns from the security standpoint on > > exposing such interfaces ? > > I think that just nobody had enough interest to fix it, yet :) > > I personally think that this could be implemented as static functions of > QWebSecurityOrigin, similar to addLocalScheme and removeLocalScheme. Other > people might have better idea but if not now, this could be a good starting > point at least. > Allan just pointed me that your bug report points to https://bugs.webkit.org/show_bug.cgi?id=31875 where we already have a similar unfinished implementation. I believe it got forgotten out of other tasks getting in the way, but it should be possible to start again from there. Cheers, Jocelyn ________________________________ This message is confidential and intended only for the addressee. If you have received this message in error, please immediately notify the postmas...@nds.com and delete it from your system as well as any copies. The content of e-mails as well as traffic data may be monitored by NDS for employment and security purposes. To protect the environment please do not print this e-mail unless necessary. An NDS Group Limited company. www.nds.com _______________________________________________ webkit-qt mailing list webkit-qt@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-qt
