From f2afa7508b8bcbdbf23c0818b0be0c6b4b5ed548 Mon Sep 17 00:00:00 2001 From: Youngcheol Kang Date: Tue, 20 Dec 2016 20:37:38 +0900 Subject: [PATCH] Fix for handling CSP behavior for backward compatibility with tizen 2.x WRT delivers the CSP elements of config.xml in web application to the webengine through ewk_view_content_security_policy_set API. However, some problem takes place in web application which doesn't set CSP element in config.xml. In order to resolve this compatibility problem, this patch adds the workaround codes for backward compatibility with tizen 2.x by request of webengine. In the webapp of tizen 2.x, this patch allows the all CSP policy by using "allow *;" element. Bug: http://suprem.sec.samsung.net/jira/browse/TWF-2689 Change-Id: Ifba3a8db7fa5a7ab984e9746ba8e3cbb7a901c10 Signed-off-by: Youngcheol Kang --- runtime/browser/web_application.cc | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/runtime/browser/web_application.cc b/runtime/browser/web_application.cc index a99a876..0bb0383 100755 --- a/runtime/browser/web_application.cc +++ b/runtime/browser/web_application.cc @@ -455,7 +455,19 @@ bool WebApplication::Initialize() { security_model_version_ = 2; if (app_data_->csp_info() == NULL || app_data_->csp_info()->security_rules().empty()) { - csp_rule_ = kDefaultCSPRule; + // Add the workaround codes for backward compatibility with tizen 2.x + // by request of webengine. In the webapp of tizen 2.x, this patch allows + // the all CSP policy by using "allow *;" option. + if (app_data_->tizen_application_info() != NULL && + !app_data_->tizen_application_info()->required_version().empty()) { + std::string tizen_version = app_data_->tizen_application_info()->required_version(); + if (tizen_version[0] == '2') + csp_rule_ = "allow *;"; + else + csp_rule_ = kDefaultCSPRule; + } else { + csp_rule_ = kDefaultCSPRule; + } } else { csp_rule_ = app_data_->csp_info()->security_rules(); } -- 2.7.4