Fix for handling CSP behavior for backward compatibility with tizen 2.x 19/106119/3
author Youngcheol Kang <ychul.kang@samsung.com>
Tue, 20 Dec 2016 11:37:38 +0000 (20:37 +0900)
committer jaekuk lee <juku1999@samsung.com>
Fri, 3 Mar 2017 01:17:53 +0000 (17:17 -0800)
WRT delivers the CSP elements of config.xml in the web application
to the webengine through the ewk_view_content_security_policy_set API.

However, a problem occurs in web applications which don't set the
CSP element in config.xml. In order to resolve this compatibility
problem, this patch adds workaround code for backward compatibility
with tizen 2.x at the request of webengine.

In webapps of tizen 2.x, this patch allows all CSP policy
by using the "allow *;" element.

Bug: http://suprem.sec.samsung.net/jira/browse/TWF-2689

Change-Id: Ifba3a8db7fa5a7ab984e9746ba8e3cbb7a901c10
Signed-off-by: Youngcheol Kang <ychul.kang@samsung.com>
runtime/browser/web_application.cc

index a99a8764e1497fc6de29b8c995290980ba79e968..0bb0383a8f4874dcf2adce230a42e40dcd32d5a6 100755 (executable)
@@ -455,7 +455,19 @@ bool WebApplication::Initialize() {
     security_model_version_ = 2;
     if (app_data_->csp_info() == NULL ||
         app_data_->csp_info()->security_rules().empty()) {
-      csp_rule_ = kDefaultCSPRule;
+      // Add the workaround codes for backward compatibility with tizen 2.x
+      // by request of webengine. In the webapp of tizen 2.x, this patch allows
+      // the all CSP policy by using "allow *;" option.
+      if (app_data_->tizen_application_info() != NULL &&
+          !app_data_->tizen_application_info()->required_version().empty()) {
+        std::string tizen_version = app_data_->tizen_application_info()->required_version();
+        if (tizen_version[0] == '2')
+          csp_rule_ = "allow *;";
+        else
+          csp_rule_ = kDefaultCSPRule;
+      } else {
+        csp_rule_ = kDefaultCSPRule;
+      }
     } else {
       csp_rule_ = app_data_->csp_info()->security_rules();
     }
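Review bot: The version test `if (tizen_version[0] == '2')` looks only at the first character of required_version, so any string that merely starts with '2' (a hypothetical "20.0", for instance) would also receive the fully permissive "allow *;" policy. Compare the major component up to the first '.' instead. Because this branch swaps kDefaultCSPRule for a policy that allows everything, driven only by the app's own required_version and the absence of a CSP element, the comment should say so explicitly, and the literal "allow *;" would be easier to audit as a named constant beside kDefaultCSPRule. The two else arms that both assign kDefaultCSPRule can be collapsed by assigning the default first and overriding it only in the 2.x case.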