mirror of
https://github.com/RGBCube/serenity
synced 2025-07-26 07:47:37 +00:00
LibWeb+Browser: Add Debug menu action for toggling Same-Origin Policy
Sometimes it's useful to turn off the SOP for testing purposes. Let's make that easy by having a Debug menu item for it. :^)
This commit is contained in:
parent
c181494b19
commit
19de6bb1cc
5 changed files with 29 additions and 1 deletions
|
@ -9,6 +9,7 @@
|
|||
#include <LibWeb/HTML/BrowsingContextContainer.h>
|
||||
#include <LibWeb/Origin.h>
|
||||
#include <LibWeb/Page/BrowsingContext.h>
|
||||
#include <LibWeb/Page/Page.h>
|
||||
|
||||
namespace Web::HTML {
|
||||
|
||||
|
@ -43,6 +44,10 @@ Origin BrowsingContextContainer::content_origin() const
|
|||
|
||||
bool BrowsingContextContainer::may_access_from_origin(const Origin& origin) const
|
||||
{
|
||||
if (auto* page = document().page()) {
|
||||
if (!page->is_same_origin_policy_enabled())
|
||||
return true;
|
||||
}
|
||||
return origin.is_same(content_origin());
|
||||
}
|
||||
|
||||
|
|
|
@ -56,11 +56,16 @@ public:
|
|||
Gfx::Palette palette() const;
|
||||
Gfx::IntRect screen_rect() const;
|
||||
|
||||
bool is_same_origin_policy_enabled() const { return m_same_origin_policy_enabled; }
|
||||
void set_same_origin_policy_enabled(bool b) { m_same_origin_policy_enabled = b; }
|
||||
|
||||
private:
|
||||
PageClient& m_client;
|
||||
|
||||
RefPtr<BrowsingContext> m_top_level_browsing_context;
|
||||
WeakPtr<BrowsingContext> m_focused_context;
|
||||
|
||||
bool m_same_origin_policy_enabled { true };
|
||||
};
|
||||
|
||||
class PageClient {
|
||||
|
|
|
@ -18,6 +18,7 @@
|
|||
#include <LibWeb/HTML/EventNames.h>
|
||||
#include <LibWeb/Loader/ResourceLoader.h>
|
||||
#include <LibWeb/Origin.h>
|
||||
#include <LibWeb/Page/Page.h>
|
||||
#include <LibWeb/XHR/EventNames.h>
|
||||
#include <LibWeb/XHR/ProgressEvent.h>
|
||||
#include <LibWeb/XHR/XMLHttpRequest.h>
|
||||
|
@ -172,7 +173,11 @@ DOM::ExceptionOr<void> XMLHttpRequest::send()
|
|||
// TODO: Add support for preflight requests to support CORS requests
|
||||
Origin request_url_origin = Origin(request_url.protocol(), request_url.host(), request_url.port());
|
||||
|
||||
if (!m_window->associated_document().origin().is_same(request_url_origin)) {
|
||||
bool should_enforce_same_origin_policy = true;
|
||||
if (auto* page = m_window->page())
|
||||
should_enforce_same_origin_policy = page->is_same_origin_policy_enabled();
|
||||
|
||||
if (should_enforce_same_origin_policy && !m_window->associated_document().origin().is_same(request_url_origin)) {
|
||||
dbgln("XHR failed to load: Same-Origin Policy violation: {} may not load {}", m_window->associated_document().url(), request_url);
|
||||
auto weak_this = make_weak_ptr();
|
||||
if (!weak_this)
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue