forked from nwjs/nw.js
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathwebkit.patch
More file actions
207 lines (189 loc) · 9.46 KB
/
webkit.patch
File metadata and controls
207 lines (189 loc) · 9.46 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
diff --git a/Source/WebCore/WebCore.gyp/WebCore.gyp b/Source/WebCore/WebCore.gyp/WebCore.gyp
index db04f41..0061906 100644
--- a/Source/WebCore/WebCore.gyp/WebCore.gyp
+++ b/Source/WebCore/WebCore.gyp/WebCore.gyp
@@ -57,6 +57,7 @@
'webcore_include_dirs': [
'../',
'../..',
+ '../../../../..',
'../Modules/battery',
'../Modules/filesystem',
'../Modules/filesystem/chromium',
diff --git a/Source/WebCore/bindings/generic/BindingSecurity.cpp b/Source/WebCore/bindings/generic/BindingSecurity.cpp
index 8dde685..4d8e7c3 100644
--- a/Source/WebCore/bindings/generic/BindingSecurity.cpp
+++ b/Source/WebCore/bindings/generic/BindingSecurity.cpp
@@ -47,17 +47,8 @@ static bool canAccessDocument(BindingState* state, Document* targetDocument, Sec
if (!targetDocument)
return false;
- DOMWindow* active = activeDOMWindow(state);
- if (!active)
- return false;
-
- if (active->document()->securityOrigin()->canAccess(targetDocument->securityOrigin()))
- return true;
-
- if (reportingOption == ReportSecurityError)
- immediatelyReportUnsafeAccessTo(state, targetDocument);
-
- return false;
+ // Bypass security check
+ return true;
}
bool BindingSecurity::shouldAllowAccessToFrame(BindingState* state, Frame* target, SecurityReportingOption reportingOption)
diff --git a/Source/WebCore/bindings/scripts/CodeGeneratorV8.pm b/Source/WebCore/bindings/scripts/CodeGeneratorV8.pm
index bf63678..5de80ed 100644
--- a/Source/WebCore/bindings/scripts/CodeGeneratorV8.pm
+++ b/Source/WebCore/bindings/scripts/CodeGeneratorV8.pm
@@ -2787,7 +2787,7 @@ END
my $access_check = "";
if ($dataNode->extendedAttributes->{"CheckSecurity"} && !($interfaceName eq "DOMWindow")) {
- $access_check = "instance->SetAccessCheckCallbacks(V8${interfaceName}::namedSecurityCheck, V8${interfaceName}::indexedSecurityCheck, v8::External::Wrap(&V8${interfaceName}::info));";
+ $access_check = "";
}
# For the DOMWindow interface, generate the shadow object template
@@ -2799,7 +2799,7 @@ static v8::Persistent<v8::ObjectTemplate> ConfigureShadowObjectTemplate(v8::Pers
V8DOMConfiguration::batchConfigureAttributes(templ, v8::Handle<v8::ObjectTemplate>(), shadowAttrs, WTF_ARRAY_LENGTH(shadowAttrs));
// Install a security handler with V8.
- templ->SetAccessCheckCallbacks(V8DOMWindow::namedSecurityCheck, V8DOMWindow::indexedSecurityCheck, v8::External::Wrap(&V8DOMWindow::info));
+ // templ->SetAccessCheckCallbacks(V8DOMWindow::namedSecurityCheck, V8DOMWindow::indexedSecurityCheck, v8::External::Wrap(&V8DOMWindow::info));
templ->SetInternalFieldCount(V8DOMWindow::internalFieldCount);
return templ;
}
@@ -2938,7 +2938,7 @@ END
// Set access check callbacks, but turned off initially.
// When a context is detached from a frame, turn on the access check.
// Turning on checks also invalidates inline caches of the object.
- instance->SetAccessCheckCallbacks(V8DOMWindow::namedSecurityCheck, V8DOMWindow::indexedSecurityCheck, v8::External::Wrap(&V8DOMWindow::info), false);
+ // instance->SetAccessCheckCallbacks(V8DOMWindow::namedSecurityCheck, V8DOMWindow::indexedSecurityCheck, v8::External::Wrap(&V8DOMWindow::info), false);
END
}
if ($interfaceName eq "HTMLDocument") {
diff --git a/Source/WebCore/bindings/v8/V8DOMWindowShell.cpp b/Source/WebCore/bindings/v8/V8DOMWindowShell.cpp
index 2224c70..b933632 100644
--- a/Source/WebCore/bindings/v8/V8DOMWindowShell.cpp
+++ b/Source/WebCore/bindings/v8/V8DOMWindowShell.cpp
@@ -63,6 +63,9 @@
#include "V8Proxy.h"
#include "WorkerContextExecutionProxy.h"
+#include "third_party/node/src/node.h"
+#include "third_party/node/src/req_wrap.h"
+
#include <algorithm>
#include <stdio.h>
#include <utility>
@@ -280,6 +283,7 @@ bool V8DOMWindowShell::initContextIfNeeded()
// Create a handle scope for all local handles.
v8::HandleScope handleScope;
+ v8::Handle<v8::Context> nodeContext = v8::Context::GetEntered();
// Setup the security handlers and message listener. This only has
// to be done once.
@@ -341,7 +345,16 @@ bool V8DOMWindowShell::initContextIfNeeded()
updateDocument();
- setSecurityToken();
+ // Bypass default security token
+ v8Context->SetSecurityToken(nodeContext->GetSecurityToken());
+
+ // Transfer node's global symbols to webkit
+ v8::Local<v8::Object> nodeGlobal = nodeContext->Global();
+ v8::Local<v8::Array> symbols = nodeGlobal->GetPropertyNames();
+ for (unsigned i = 0; i < symbols->Length(); ++i) {
+ v8::Local<v8::Value> key = symbols->Get(i);
+ m_global->Set(key, nodeGlobal->Get(key));
+ }
if (m_frame->document())
v8Context->AllowCodeGenerationFromStrings(m_frame->document()->contentSecurityPolicy()->allowEval(0, ContentSecurityPolicy::SuppressReport));
@@ -352,6 +365,25 @@ bool V8DOMWindowShell::initContextIfNeeded()
// we do isolated worlds the WebCore way.
m_frame->loader()->dispatchDidClearWindowObjectInWorld(0);
+ v8::Local<v8::Script> script = v8::Script::New(v8::String::New(
+ // Make node's relative modules work
+#if defined(OS_WIN)
+ "process.mainModule.filename = window.location.pathname.substr(1);"
+#else
+ "process.mainModule.filename = window.location.pathname;"
+#endif
+ "process.chdir(require('path').dirname(process.mainModule.filename));"
+ "process.mainModule.paths = require('module')._nodeModulePaths(process.cwd());"
+
+ // Use WebKit's console and setTimeout globally
+ "global.console = console;"
+ "global.setTimeout = setTimeout;"
+ "global.clearTimeout = clearTimeout;"
+ "global.setInterval = setInterval;"
+ "global.clearInterval = clearInterval;"
+ ));
+ script->Run();
+
return true;
}
diff --git a/Source/WebCore/loader/CrossOriginAccessControl.cpp b/Source/WebCore/loader/CrossOriginAccessControl.cpp
index aba2ba0..ec76d5a 100644
--- a/Source/WebCore/loader/CrossOriginAccessControl.cpp
+++ b/Source/WebCore/loader/CrossOriginAccessControl.cpp
@@ -134,37 +134,6 @@ ResourceRequest createAccessControlPreflightRequest(const ResourceRequest& reque
bool passesAccessControlCheck(const ResourceResponse& response, StoredCredentials includeCredentials, SecurityOrigin* securityOrigin, String& errorDescription)
{
- AtomicallyInitializedStatic(AtomicString&, accessControlAllowOrigin = *new AtomicString("access-control-allow-origin"));
- AtomicallyInitializedStatic(AtomicString&, accessControlAllowCredentials = *new AtomicString("access-control-allow-credentials"));
-
- // A wildcard Access-Control-Allow-Origin can not be used if credentials are to be sent,
- // even with Access-Control-Allow-Credentials set to true.
- const String& accessControlOriginString = response.httpHeaderField(accessControlAllowOrigin);
- if (accessControlOriginString == "*" && includeCredentials == DoNotAllowStoredCredentials)
- return true;
-
- if (securityOrigin->isUnique()) {
- errorDescription = "Cannot make any requests from " + securityOrigin->toString() + ".";
- return false;
- }
-
- // FIXME: Access-Control-Allow-Origin can contain a list of origins.
- if (accessControlOriginString != securityOrigin->toString()) {
- if (accessControlOriginString == "*")
- errorDescription = "Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.";
- else
- errorDescription = "Origin " + securityOrigin->toString() + " is not allowed by Access-Control-Allow-Origin.";
- return false;
- }
-
- if (includeCredentials == AllowStoredCredentials) {
- const String& accessControlCredentialsString = response.httpHeaderField(accessControlAllowCredentials);
- if (accessControlCredentialsString != "true") {
- errorDescription = "Credentials flag is true, but Access-Control-Allow-Credentials is not \"true\".";
- return false;
- }
- }
-
return true;
}
diff --git a/Source/WebCore/loader/CrossOriginPreflightResultCache.cpp b/Source/WebCore/loader/CrossOriginPreflightResultCache.cpp
index 04d5881..65e4734 100644
--- a/Source/WebCore/loader/CrossOriginPreflightResultCache.cpp
+++ b/Source/WebCore/loader/CrossOriginPreflightResultCache.cpp
@@ -123,13 +123,6 @@ bool CrossOriginPreflightResultCacheItem::allowsCrossOriginMethod(const String&
bool CrossOriginPreflightResultCacheItem::allowsCrossOriginHeaders(const HTTPHeaderMap& requestHeaders, String& errorDescription) const
{
- HTTPHeaderMap::const_iterator end = requestHeaders.end();
- for (HTTPHeaderMap::const_iterator it = requestHeaders.begin(); it != end; ++it) {
- if (!m_headers.contains(it->first) && !isOnAccessControlSimpleRequestHeaderWhitelist(it->first, it->second)) {
- errorDescription = "Request header field " + it->first.string() + " is not allowed by Access-Control-Allow-Headers.";
- return false;
- }
- }
return true;
}
diff --git a/Source/WebKit/chromium/src/WebKit.cpp b/Source/WebKit/chromium/src/WebKit.cpp
index 9331d05..eca2f5b 100644
--- a/Source/WebKit/chromium/src/WebKit.cpp
+++ b/Source/WebKit/chromium/src/WebKit.cpp
@@ -95,7 +95,8 @@ static bool generateEntropy(unsigned char* buffer, size_t length)
#ifndef NDEBUG
static void assertV8RecursionScope()
{
- ASSERT(!isMainThread() || WebCore::V8RecursionScope::properlyUsed());
+ // FIXME See why this failed when node::SetupContext
+ // ASSERT(!isMainThread() || WebCore::V8RecursionScope::properlyUsed());
}
#endif