3 files changed, 14 insertions, 0 deletions

diff --git a/webkit/glue/webframe.h b/webkit/glue/webframe.h
index 97559b6..b61125d 100644
--- a/webkit/glue/webframe.h
+++ b/webkit/glue/webframe.h
@@ -51,6 +51,12 @@ class WebFrame {
   // TODO(fqian): Remove this method when V8 supports NP runtime.
   virtual void* GetFrameImplementation() = 0;
 
+  // TODO(mpcomplete): remove this before Chrome extensions ship.
+  // HACK.  This is a temporary workaround to allow cross-origin XHR for Chrome
+  // extensions.  It allows no fine-grained control over what origins are
+  // accessible, instead granting access to everything (including file URLs).
+  virtual void AllowCrossOriginAccessHack() = 0;
+
   virtual NPObject* GetWindowNPObject() = 0;
 
   // Loads the given WebRequest.
diff --git a/webkit/glue/webframe_impl.cc b/webkit/glue/webframe_impl.cc
index 885b928..84d42b4 100644
--- a/webkit/glue/webframe_impl.cc
+++ b/webkit/glue/webframe_impl.cc
@@ -882,6 +882,13 @@ void WebFrameImpl::CallJSGC() {
 #endif
 }
 
+void WebFrameImpl::AllowCrossOriginAccessHack() {
+  DCHECK(frame_ && frame_->document());
+  if (frame_ && frame_->document()) {
+    frame_->document()->securityOrigin()->grantUniversalAccess();
+  }
+}
+
 void WebFrameImpl::GetContentAsPlainText(int max_chars,
                                          std::wstring* text) const {
   text->clear();
diff --git a/webkit/glue/webframe_impl.h b/webkit/glue/webframe_impl.h
index a80ee91..7ae2639 100644
--- a/webkit/glue/webframe_impl.h
+++ b/webkit/glue/webframe_impl.h
@@ -121,6 +121,7 @@ class WebFrameImpl : public WebFrame, public base::RefCounted<WebFrameImpl> {
   virtual void CallJSGC();
 
   virtual void* GetFrameImplementation() { return frame(); }
+  virtual void AllowCrossOriginAccessHack();
 
   virtual NPObject* GetWindowNPObject();