Fix for handling CSP behavior for backward compatibility with tizen 2.x

WRT delivers the CSP elements of config.xml in web application
to the webengine through ewk_view_content_security_policy_set API.

However, some problem takes place in web application which doesn't set
CSP element in config.xml. In order to resolve this compatibility
problem, this patch adds the workaround codes for backward compatibility
with tizen 2.x by request of webengine.

In the webapp of tizen 2.x, this patch allows the all CSP policy
by using "allow *;" element.

Bug: http://suprem.sec.samsung.net/jira/browse/TWF-2689

Change-Id: Ifba3a8db7fa5a7ab984e9746ba8e3cbb7a901c10
Signed-off-by: Youngcheol Kang <ychul.kang@samsung.com>

diff --git a/runtime/browser/web_application.cc b/runtime/browser/web_application.cc
index a99a876..0bb0383 100755 (executable)
--- a/runtime/browser/web_application.cc
+++ b/runtime/browser/web_application.cc
@@ -455,7 +455,19 @@ bool WebApplication::Initialize() {
     security_model_version_ = 2;
     if (app_data_->csp_info() == NULL ||
         app_data_->csp_info()->security_rules().empty()) {
-      csp_rule_ = kDefaultCSPRule;
+      // Add the workaround codes for backward compatibility with tizen 2.x
+      // by request of webengine. In the webapp of tizen 2.x, this patch allows
+      // the all CSP policy by using "allow *;" option.
+      if (app_data_->tizen_application_info() != NULL &&
+          !app_data_->tizen_application_info()->required_version().empty()) {
+        std::string tizen_version = app_data_->tizen_application_info()->required_version();
+        if (tizen_version[0] == '2')
+          csp_rule_ = "allow *;";
+        else
+          csp_rule_ = kDefaultCSPRule;
+      } else {
+        csp_rule_ = kDefaultCSPRule;
+      }
     } else {
       csp_rule_ = app_data_->csp_info()->security_rules();
     }