Harden the implementation of '--disable-web-security'

third_party/WebKit/Source/platform/weborigin/SecurityOrigin.h

 /*
  * Copyright (C) 2007, 2008 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1.  Redistributions of source code must retain the above copyright
  *     notice, this list of conditions and the following disclaimer.
  * 2.  Redistributions in binary form must reproduce the above copyright
@@ skipping 132 matching lines @@
     // Explicitly grant the ability to load local resources to this
     // SecurityOrigin.
     //
     // Note: This method exists only to support backwards compatibility
     //       with older versions of WebKit.
     void grantLoadLocalResources();
 
     // Explicitly grant the ability to access every other SecurityOrigin.
     //
     // WARNING: This is an extremely powerful ability. Use with caution!
+    //
+    // TODO(mkwst): Remove this API as soon as is fesiable. That will likely
+    // require creating a more limited replacement.
     void grantUniversalAccess();
 
+    // Grant `file:` origins universal access.
+    //
+    // TODO(mkwst): As soon as we can reasonably get WebView to stop offering
+    // the API which requires this method, we should remove it.

[Torne, 2015/12/09 12:55:56]

You can have this comment if you want, but realistically WebView is not going to
be able to actually remove this for a very long time - we're hoping to deprecate
it, strongly discourage it, and maybe even disable it in apps that target at
least some reasonably modern OS version, but it's hard to get away from backward
compatibility for old apps. :/

[Mike West, 2015/12/09 14:17:49]

*sigh*

+    void grantUniversalAccessForFileOrigins();
+
     bool canAccessDatabase() const { return !isUnique(); }
     bool canAccessLocalStorage() const { return !isUnique(); }
     bool canAccessSharedWorkers() const { return !isUnique(); }
     bool canAccessServiceWorkers() const { return !isUnique(); }
     bool canAccessCookies() const { return !isUnique(); }
     bool canAccessPasswordManager() const { return !isUnique(); }
     bool canAccessFileSystem() const { return !isUnique(); }
     bool canAccessCacheStorage() const { return !isUnique(); }
 
     // Technically, we should always allow access to sessionStorage, but we
@@ skipping 56 matching lines @@
     static const KURL& urlWithUniqueSecurityOrigin();
 
     // Transfer origin privileges from another security origin.
     // The following privileges are currently copied over:
     //
     //   - Grant universal access.
     //   - Grant loading of local resources.
     //   - Use path-based file:// origins.
     struct PrivilegeData {
         bool m_universalAccess;
+        bool m_universalAccessForFileOrigins;
         bool m_canLoadLocalResources;
         bool m_blockLocalAccessFromLocalOrigin;
     };
     PassOwnPtr<PrivilegeData> createPrivilegeData() const;
     void transferPrivilegesFrom(PassOwnPtr<PrivilegeData>);
 
 private:
     friend class SecurityOriginTest;
     FRIEND_TEST_ALL_PREFIXES(SecurityOriginTest, Suborigins);
     FRIEND_TEST_ALL_PREFIXES(SecurityOriginTest, SuboriginsParsing);
@@ skipping 10 matching lines @@
     static bool deserializeSuboriginAndHost(const String&, String&, String&);
 
     String m_protocol;
     String m_host;
     String m_domain;
     String m_suboriginName;
     unsigned short m_port;
     unsigned short m_effectivePort;
     bool m_isUnique;
     bool m_universalAccess;
+    bool m_universalAccessForFileOrigins;
     bool m_domainWasSetInDOM;
     bool m_canLoadLocalResources;
     bool m_blockLocalAccessFromLocalOrigin;
 };
 
 } // namespace blink
 
 #endif // SecurityOrigin_h