Some specific case in Tizen TV, we need to enable this.
When hosted applications want to use tv device api,
load file://opt/usr/apps/pepper/webapis.js located in local.
But, they cannot access local because of security vulnerability(SOP)
Policy of webapis.js is only located in local.
Reference:
https://review.tizen.org/gerrit/282771/
Change-Id: Id7e29a72dd5571770ae196d5387d97d98eb9d326
Signed-off-by: xiafeng <feng.xia@samsung.com>
// GuestViews in the same StoragePartition need to find each other's frames.
prefs.renderer_wide_named_frame_lookup = IsGuest();
+#if BUILDFLAG(IS_TIZEN_TV)
+ // Disallow file access from external urls by default.
+ prefs.allow_file_access_from_external_urls = false;
+#endif
+
GetContentClient()->browser()->OverrideWebkitPrefs(this, &prefs);
return prefs;
}
CHECK_EQ(NavigationCommitState::kWillCommit, navigation_commit_state_);
navigation_commit_state_ = NavigationCommitState::kDidCommit;
+#if BUILDFLAG(IS_TIZEN_TV)
+ if (GetWebView() && GetWebView()->GetSettings()
+ ->AllowFileAccessFromExternalURLs())
+ frame_->GetDocument().GrantLoadLocalResources();
+#endif
+
WebDocumentLoader* document_loader = frame_->GetDocumentLoader();
DocumentState* document_state =
DocumentState::FromDocumentLoader(document_loader);
out->webxr_immersive_ar_allowed = data.webxr_immersive_ar_allowed();
out->renderer_wide_named_frame_lookup =
data.renderer_wide_named_frame_lookup();
+#if BUILDFLAG(IS_TIZEN_TV)
+ out->allow_file_access_from_external_urls =
+ data.allow_file_access_from_external_urls();
+#endif
return true;
}
// (false). Used by StrictMimetypeCheckForWorkerScriptsEnabled policy.
bool strict_mime_type_check_for_worker_scripts_enabled = true;
+#if BUILDFLAG(IS_TIZEN_TV)
+ // Hosted app need to get local access privilege when they use tv device api
+ // located in local path(file://usr/apps/pepper/webapis/webapis.js)
+ bool allow_file_access_from_external_urls = false;
+#endif
+
// We try to keep the default values the same as the default values in
// chrome, except for the cases where it would require lots of extra work for
// the embedder to use the same default value.
return r.allow_file_access_from_file_urls;
}
+#if BUILDFLAG(IS_TIZEN_TV)
+ static bool allow_file_access_from_external_urls(
+ const blink::web_pref::WebPreferences& r) {
+ return r.allow_file_access_from_external_urls;
+ }
+#endif
+
static bool webgl1_enabled(const blink::web_pref::WebPreferences& r) {
return r.webgl1_enabled;
}
bool renderer_wide_named_frame_lookup;
bool strict_mime_type_check_for_worker_scripts_enabled = true;
+
+ [EnableIf=is_tizen_tv]
+ bool allow_file_access_from_external_urls;
};
WebSecurityOrigin GetSecurityOrigin() const;
bool IsSecureContext() const;
+#if BUILDFLAG(IS_TIZEN_TV)
+ void GrantLoadLocalResources();
+#endif
+
WebString Encoding() const;
WebString ContentLanguage() const;
WebString GetReferrer() const;
virtual bool UsesEncodingDetector() const = 0;
#endif
+#if BUILDFLAG(IS_TIZEN_TV)
+ virtual bool AllowFileAccessFromExternalURLs() = 0;
+ virtual void SetAllowFileAccessFromExternalURLs(bool) = 0;
+#endif
+
#if defined(TIZEN_ATK_SUPPORT)
virtual void SetAccessibilityEnabled(bool) = 0;
virtual bool GetAccessibilityEnabled() = 0;
#include "third_party/blink/renderer/platform/weborigin/security_origin.h"
#include "third_party/blink/renderer/platform/wtf/casting.h"
+#if BUILDFLAG(IS_TIZEN_TV)
+#include "third_party/blink/renderer/core/frame/local_dom_window.h"
+#endif
+
namespace {
static const blink::WebStyleSheetKey GenerateStyleSheetKey() {
return context && context->IsSecureContext();
}
+#if BUILDFLAG(IS_TIZEN_TV)
+void WebDocument::GrantLoadLocalResources() {
+ if (Document* document = Unwrap<Document>())
+ document->domWindow()->GetMutableSecurityOrigin()->GrantLoadLocalResources();
+}
+#endif
+
WebString WebDocument::Encoding() const {
return ConstUnwrap<Document>()->EncodingName();
}
}
#endif
+#if BUILDFLAG(IS_TIZEN_TV)
+void WebSettingsImpl::SetAllowFileAccessFromExternalURLs(bool allow) {
+ settings_->SetAllowFileAccessFromExternalURLs(allow);
+}
+
+bool WebSettingsImpl::AllowFileAccessFromExternalURLs() {
+ return settings_->GetAllowFileAccessFromExternalURLs();
+}
+#endif
+
#if defined(TIZEN_ATK_SUPPORT)
void WebSettingsImpl::SetAccessibilityEnabled(bool enabled) {
settings_->SetAccessibilityEnabled(enabled);
bool UsesEncodingDetector() const override;
#endif
+#if BUILDFLAG(IS_TIZEN_TV)
+ void SetAllowFileAccessFromExternalURLs(bool) override;
+ bool AllowFileAccessFromExternalURLs() override;
+#endif
+
#if defined(TIZEN_ATK_SUPPORT)
void SetAccessibilityEnabled(bool) override;
bool GetAccessibilityEnabled() override;
settings->SetAccessibilityEnabled(prefs.atk_enabled);
#endif
+#if BUILDFLAG(IS_TIZEN_TV)
+ settings->SetAllowFileAccessFromExternalURLs(
+ prefs.allow_file_access_from_external_urls);
+#endif
+
#if BUILDFLAG(IS_EFL)
settings->SetTizenVersion(prefs.tizen_version_major,
prefs.tizen_version_minor,
initial: false,
type: "bool"
},
+ {
+ name: "allowFileAccessFromExternalURLs",
+ initial: false,
+ type: "bool"
+ },
],
}
Eina_Bool ewk_settings_allow_file_access_from_external_url_set(Ewk_Settings* settings, Eina_Bool allow)
{
- LOG_EWK_API_MOCKUP();
+#if BUILDFLAG(IS_TIZEN_TV)
+ LOG(INFO) << "ewk_settings_allow_file_access_from_external_url_set, allow: " << (bool)allow;
+ EINA_SAFETY_ON_NULL_RETURN_VAL(settings, EINA_FALSE);
+ settings->getPreferences().allow_file_access_from_external_urls = allow;
+ ewkUpdateWebkitPreferences(settings->getEvasObject());
+ return EINA_TRUE;
+#else
+ LOG_EWK_API_MOCKUP("Only for Tizen TV");
return EINA_FALSE;
+#endif
}
Eina_Bool ewk_settings_swipe_to_refresh_enabled_set(Ewk_Settings* settings, Eina_Bool enable)