mirror of https://github.com/RGBCube/serenity synced 2025-07-26 07:47:37 +00:00

LibWeb+Browser: Add Debug menu action for toggling Same-Origin Policy

Sometimes it's useful to turn off the SOP for testing purposes.
Let's make that easy by having a Debug menu item for it. :^)
Andreas Kling 2021-09-12 02:10:43 +02:00
parent c181494b19
commit 19de6bb1cc
5 changed files with 29 additions and 1 deletions


@ -9,6 +9,7 @@
#include <LibWeb/HTML/BrowsingContextContainer.h>
#include <LibWeb/Origin.h>
#include <LibWeb/Page/BrowsingContext.h>
#include <LibWeb/Page/Page.h>
namespace Web::HTML {
@ -43,6 +44,10 @@ Origin BrowsingContextContainer::content_origin() const
bool BrowsingContextContainer::may_access_from_origin(const Origin& origin) const
{
if (auto* page = document().page()) {
if (!page->is_same_origin_policy_enabled())
return true;
}
return origin.is_same(content_origin());
}
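Review bot: The early `return true` in `may_access_from_origin` grants every caller origin access to the embedded browsing context whenever the page flag is off, and nothing at this site marks it as a debug-only bypass. I would add a comment above the check such as `// Debug-only: Same-Origin Policy is disabled for this page, so every origin is allowed.` so the next reader does not mistake it for a spec-defined exception. Falling through to `origin.is_same(content_origin())` when `document().page()` is null is the right fail-closed default and should stay that way. As a style point, the two nested ifs can be one condition: `if (auto* page = document().page(); page && !page->is_same_origin_policy_enabled())`.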


@ -56,11 +56,16 @@ public:
Gfx::Palette palette() const;
Gfx::IntRect screen_rect() const;
bool is_same_origin_policy_enabled() const { return m_same_origin_policy_enabled; }
void set_same_origin_policy_enabled(bool b) { m_same_origin_policy_enabled = b; }
private:
PageClient& m_client;
RefPtr<BrowsingContext> m_top_level_browsing_context;
WeakPtr<BrowsingContext> m_focused_context;
bool m_same_origin_policy_enabled { true };
};
class PageClient {
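Review bot: `set_same_origin_policy_enabled` is a public, undocumented setter, so as far as these lines show, any code holding a `Page` can switch off origin checks for the whole page. Nothing visible here resets `m_same_origin_policy_enabled`, so it presumably survives navigations, and a site opened after a test session in the same page would then also run without SOP; that is worth confirming against the callers outside this hunk. I would document the member with something like `// Debug-only. When false, LibWeb skips cross-origin checks for every document in this page.` and rename the parameter `b` to `enabled`. The class body starts and ends outside the hunk.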


@ -18,6 +18,7 @@
#include <LibWeb/HTML/EventNames.h>
#include <LibWeb/Loader/ResourceLoader.h>
#include <LibWeb/Origin.h>
#include <LibWeb/Page/Page.h>
#include <LibWeb/XHR/EventNames.h>
#include <LibWeb/XHR/ProgressEvent.h>
#include <LibWeb/XHR/XMLHttpRequest.h>
@ -172,7 +173,11 @@ DOM::ExceptionOr<void> XMLHttpRequest::send()
// TODO: Add support for preflight requests to support CORS requests
Origin request_url_origin = Origin(request_url.protocol(), request_url.host(), request_url.port());
if (!m_window->associated_document().origin().is_same(request_url_origin)) {
bool should_enforce_same_origin_policy = true;
if (auto* page = m_window->page())
should_enforce_same_origin_policy = page->is_same_origin_policy_enabled();
if (should_enforce_same_origin_policy && !m_window->associated_document().origin().is_same(request_url_origin)) {
dbgln("XHR failed to load: Same-Origin Policy violation: {} may not load {}", m_window->associated_document().url(), request_url);
auto weak_this = make_weak_ptr();
if (!weak_this)
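Review bot: With the flag off, a cross-origin request in `XMLHttpRequest::send()` now proceeds silently, because the only `dbgln` sits on the enforced path and the debug log gives no sign that a load succeeded only because SOP was disabled. I would log the bypass case as well, for example `else if (!should_enforce_same_origin_policy) dbgln("XHR: Same-Origin Policy disabled, allowing {} to load {}", m_window->associated_document().url(), request_url);`, attached to the origin-mismatch branch so same-origin requests stay quiet. Defaulting `should_enforce_same_origin_policy` to true when `m_window->page()` is null is a good fail-closed choice. This is also the second hand-written copy of the page-flag check (the other is in `BrowsingContextContainer::may_access_from_origin`), and a single shared helper would keep later origin checks from diverging. `send()` continues outside the hunk.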