diff options
| author | mpcomplete@google.com <mpcomplete@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-04-17 18:45:44 +0000 |
|---|---|---|
| committer | mpcomplete@google.com <mpcomplete@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-04-17 18:45:44 +0000 |
| commit | 4b8323b0bbbbdcf1c6cd9dd445fbd9f2d2a9233e (patch) | |
| tree | 473c1383e37d7164a8f9bd4cf28744b9e38704c3 | |
| parent | f8209cd56d6b3fb89a4afba2897cc86f6bbf287b (diff) | |
| download | chromium_src-4b8323b0bbbbdcf1c6cd9dd445fbd9f2d2a9233e.zip chromium_src-4b8323b0bbbbdcf1c6cd9dd445fbd9f2d2a9233e.tar.gz chromium_src-4b8323b0bbbbdcf1c6cd9dd445fbd9f2d2a9233e.tar.bz2 | |
Rename AllowCrossOriginAccessHack to GrantUniversalAccess, and move the HACK
warnings to the callsite.
Review URL: http://codereview.chromium.org/79028
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@13953 0039d316-1c4b-4281-b951-d872f2087c98
| -rw-r--r-- | chrome/renderer/render_view.cc | 6 | ||||
| -rw-r--r-- | webkit/glue/webframe.h | 9 | ||||
| -rw-r--r-- | webkit/glue/webframe_impl.cc | 2 | ||||
| -rw-r--r-- | webkit/glue/webframe_impl.h | 2 |
4 files changed, 11 insertions, 8 deletions
diff --git a/chrome/renderer/render_view.cc b/chrome/renderer/render_view.cc index 64d20d2..71dc812 100644 --- a/chrome/renderer/render_view.cc +++ b/chrome/renderer/render_view.cc @@ -1537,8 +1537,12 @@ void RenderView::WindowObjectCleared(WebFrame* webframe) { } void RenderView::DocumentElementAvailable(WebFrame* frame) { + // TODO(mpcomplete): remove this before Chrome extensions ship. + // HACK. This is a temporary workaround to allow cross-origin XHR for Chrome + // extensions. It grants full access to every origin, when we really want + // to be able to restrict them more specifically. if (frame->GetURL().SchemeIs(chrome::kExtensionScheme)) - frame->AllowCrossOriginAccessHack(); + frame->GrantUniversalAccess(); if (RenderThread::current()) // Will be NULL during unit tests. RenderThread::current()->user_script_slave()->InjectScripts( diff --git a/webkit/glue/webframe.h b/webkit/glue/webframe.h index b61125d..6a9c47b 100644 --- a/webkit/glue/webframe.h +++ b/webkit/glue/webframe.h @@ -51,11 +51,10 @@ class WebFrame { // TODO(fqian): Remove this method when V8 supports NP runtime. virtual void* GetFrameImplementation() = 0; - // TODO(mpcomplete): remove this before Chrome extensions ship. - // HACK. This is a temporary workaround to allow cross-origin XHR for Chrome - // extensions. It allows no fine-grained control over what origins are - // accessible, instead granting access to everything (including file URLs). - virtual void AllowCrossOriginAccessHack() = 0; + // This grants the currently loaded Document access to all security origins + // (including file URLs). Use with care. The access is revoked when a new + // document is loaded into this frame. + virtual void GrantUniversalAccess() = 0; virtual NPObject* GetWindowNPObject() = 0; diff --git a/webkit/glue/webframe_impl.cc b/webkit/glue/webframe_impl.cc index aeb01d5..3a90612 100644 --- a/webkit/glue/webframe_impl.cc +++ b/webkit/glue/webframe_impl.cc @@ -878,7 +878,7 @@ void WebFrameImpl::CallJSGC() { #endif } -void WebFrameImpl::AllowCrossOriginAccessHack() { +void WebFrameImpl::GrantUniversalAccess() { DCHECK(frame_ && frame_->document()); if (frame_ && frame_->document()) { frame_->document()->securityOrigin()->grantUniversalAccess(); diff --git a/webkit/glue/webframe_impl.h b/webkit/glue/webframe_impl.h index 7ae2639..3cf12f1 100644 --- a/webkit/glue/webframe_impl.h +++ b/webkit/glue/webframe_impl.h @@ -121,7 +121,7 @@ class WebFrameImpl : public WebFrame, public base::RefCounted<WebFrameImpl> { virtual void CallJSGC(); virtual void* GetFrameImplementation() { return frame(); } - virtual void AllowCrossOriginAccessHack(); + virtual void GrantUniversalAccess(); virtual NPObject* GetWindowNPObject(); |