Ejemplo n.º 1
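// Exercises the allow-file-access-from-file-urls setting with an XMLHttpRequest
// for a file:// JSON resource, in three situations:
//   1. page loaded from file://, setting at its default -> console error expected;
//   2. page loaded from file://, setting enabled        -> no console error expected;
//   3. page loaded from the HTTP test server            -> console error expected,
//      even though the setting is still enabled.
// Console output is observed through a "console" script message handler whose
// callback stores the received result in consoleMessage.
static void testWebContextSecurityFileXHR(WebViewTest* test, gconstpointer)
{
    GUniquePtr<char> fileURL(g_strdup_printf("file://%s/simple.html", Test::getResourcesDir(Test::WebKit2Resources).data()));
    test->loadURI(fileURL.get());
    test->waitUntilLoadFinished();

    GUniquePtr<char> jsonURL(g_strdup_printf("file://%s/simple.json", Test::getResourcesDir().data()));
    GUniquePtr<char> xhr(g_strdup_printf("var xhr = new XMLHttpRequest; xhr.open(\"GET\", \"%s\"); xhr.send();", jsonURL.get()));

    WebKitJavascriptResult* consoleMessage = nullptr;
    webkit_user_content_manager_register_script_message_handler(test->m_userContentManager.get(), "console");
    g_signal_connect(test->m_userContentManager.get(), "script-message-received::console", G_CALLBACK(consoleMessageReceivedCallback), &consoleMessage);

    // By default file access is not allowed, this will show a console message with a cross-origin error.
    GUniqueOutPtr<GError> error;
    WebKitJavascriptResult* javascriptResult = test->runJavaScriptAndWaitUntilFinished(xhr.get(), &error.outPtr());
    g_assert(javascriptResult);
    g_assert(!error);
    g_assert(consoleMessage);
    GUniquePtr<char> messageString(WebViewTest::javascriptResultToCString(consoleMessage));
    GRefPtr<GVariant> variant = g_variant_parse(G_VARIANT_TYPE("(uusus)"), messageString.get(), nullptr, nullptr, nullptr);
    g_assert(variant.get());
    unsigned level;
    const char* messageText;
    g_variant_get(variant.get(), "(uu&su&s)", nullptr, &level, &messageText, nullptr, nullptr);
    g_assert_cmpuint(level, ==, 3); // Console error message.
    GUniquePtr<char> expectedErrorMessage(g_strdup_printf("XMLHttpRequest cannot load %s. Cross origin requests are only supported for HTTP.", jsonURL.get()));
    g_assert_cmpstr(messageText, ==, expectedErrorMessage.get());
    // Reset the capture state so that the later steps cannot pass on data left over from this one.
    webkit_javascript_result_unref(consoleMessage);
    consoleMessage = nullptr;
    level = 0;
    messageText = nullptr;
    variant = nullptr;

    // Allow file access from file URLs.
    webkit_settings_set_allow_file_access_from_file_urls(webkit_web_view_get_settings(test->m_webView), TRUE);
    test->loadURI(fileURL.get());
    test->waitUntilLoadFinished();
    javascriptResult = test->runJavaScriptAndWaitUntilFinished(xhr.get(), &error.outPtr());
    g_assert(javascriptResult);
    g_assert(!error);
    // With access allowed no console error should have been captured. Checking this here also
    // guarantees that a message seen in the next step was produced by that step.
    g_assert(!consoleMessage);

    // It is still not possible to load a file from an HTTP URL.
    test->loadURI(kServer->getURIForPath("/").data());
    test->waitUntilLoadFinished();
    javascriptResult = test->runJavaScriptAndWaitUntilFinished(xhr.get(), &error.outPtr());
    g_assert(javascriptResult);
    g_assert(!error);
    g_assert(consoleMessage);
    // Re-read the text from the message captured in this step. Parsing the string kept from the
    // first step would only re-check the old error and say nothing about the HTTP-origin case.
    messageString.reset(WebViewTest::javascriptResultToCString(consoleMessage));
    variant = g_variant_parse(G_VARIANT_TYPE("(uusus)"), messageString.get(), nullptr, nullptr, nullptr);
    g_assert(variant.get());
    g_variant_get(variant.get(), "(uu&su&s)", nullptr, &level, &messageText, nullptr, nullptr);
    g_assert_cmpuint(level, ==, 3); // Console error message.
    // NOTE(review): the expected text is assumed to be the same as for the file:// origin case;
    // confirm against the message actually emitted for an HTTP origin.
    g_assert_cmpstr(messageText, ==, expectedErrorMessage.get());
    webkit_javascript_result_unref(consoleMessage);
    consoleMessage = nullptr;

    g_signal_handlers_disconnect_matched(test->m_userContentManager.get(), G_SIGNAL_MATCH_DATA, 0, 0, nullptr, nullptr, &consoleMessage);
    webkit_user_content_manager_unregister_script_message_handler(test->m_userContentManager.get(), "console");

    // Restore the default so the relaxed policy does not leak into other tests sharing the view.
    webkit_settings_set_allow_file_access_from_file_urls(webkit_web_view_get_settings(test->m_webView), FALSE);
}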
Ejemplo n.º 2
/* GApplication startup handler for the embed shell.

   Chains up to the parent class, then configures the WebKit side of the
   shell: script message handlers on the user content manager, the process
   model and web-extension initialisation, the favicon database location,
   the TLS error policy, the custom URI schemes (about and ephy-resource)
   and persistent cookie storage with the configured accept policy. */
static void
ephy_embed_shell_startup (GApplication* application)
{
  /* Script message handlers registered on the user content manager, each
     paired with the detailed signal it emits and the callback that receives it.
     NOTE(review): WebKit exposes registered handlers to page script as
     window.webkit.messageHandlers.<name>, so the callbacks (not visible here)
     should treat message payloads as untrusted input. */
  static const struct {
    const char *name;
    const char *detailed_signal;
    GCallback   callback;
  } message_handlers[] = {
    { "overview", "script-message-received::overview",
      G_CALLBACK (web_extension_overview_message_received_cb) },
    { "tlsErrorPage", "script-message-received::tlsErrorPage",
      G_CALLBACK (web_extension_tls_error_page_message_received_cb) },
    { "formAuthData", "script-message-received::formAuthData",
      G_CALLBACK (web_extension_form_auth_data_message_received_cb) },
    { "aboutApps", "script-message-received::aboutApps",
      G_CALLBACK (web_extension_about_apps_message_received_cb) },
  };
  EphyEmbedShell *shell = EPHY_EMBED_SHELL (application);
  EphyEmbedShellPrivate *priv = ephy_embed_shell_get_instance_private (shell);
  WebKitCookieManager *cookie_manager;
  const char *icon_db_parent;
  char *icon_db_dir;
  char *cookie_db_path;
  char *policy_name;
  guint i;

  G_APPLICATION_CLASS (ephy_embed_shell_parent_class)->startup (application);

  /* Outside test mode the web context and the user content manager are
     created here; per the original comment, tests set them up themselves
     after construction.
     NOTE(review): `embed_shell` is not declared in this function; presumably
     a file-scope pointer to the same instance as `shell` - confirm. */
  if (priv->mode != EPHY_EMBED_SHELL_MODE_TEST)
    ephy_embed_shell_create_web_context (embed_shell);

  ephy_embed_shell_setup_web_extensions_connection (shell);

  if (priv->mode != EPHY_EMBED_SHELL_MODE_TEST)
    priv->user_content = webkit_user_content_manager_new ();

  /* Register each handler, then connect its callback, in table order. */
  for (i = 0; i < G_N_ELEMENTS (message_handlers); i++)
    {
      webkit_user_content_manager_register_script_message_handler (priv->user_content,
                                                                   message_handlers[i].name);
      g_signal_connect (priv->user_content, message_handlers[i].detailed_signal,
                        message_handlers[i].callback, shell);
    }

  ephy_embed_shell_setup_process_model (shell);
  g_signal_connect (priv->web_context, "initialize-web-extensions",
                    G_CALLBACK (initialize_web_extensions),
                    shell);

  /* Favicon database: kept under the profile directory when the mode has a
     private profile, otherwise under the user cache directory. */
  if (EPHY_EMBED_SHELL_MODE_HAS_PRIVATE_PROFILE (priv->mode))
    icon_db_parent = ephy_dot_dir ();
  else
    icon_db_parent = g_get_user_cache_dir ();
  icon_db_dir = g_build_filename (icon_db_parent, "icondatabase", NULL);
  webkit_web_context_set_favicon_database_directory (priv->web_context, icon_db_dir);
  g_free (icon_db_dir);

  /* TLS errors are never ignored: the policy is set to FAIL. */
  webkit_web_context_set_tls_errors_policy (priv->web_context, WEBKIT_TLS_ERRORS_POLICY_FAIL);

  /* Handler for about: URIs. */
  priv->about_handler = ephy_about_handler_new ();
  webkit_web_context_register_uri_scheme (priv->web_context,
                                          EPHY_ABOUT_SCHEME,
                                          (WebKitURISchemeRequestCallback)about_request_cb,
                                          shell, NULL);

  /* The about scheme is registered as local so that its pages can contain
     file resources.
     NOTE(review): this widens what about: pages may reference, so whatever
     about_request_cb serves should not embed untrusted markup - confirm. */
  webkit_security_manager_register_uri_scheme_as_local (webkit_web_context_get_security_manager (priv->web_context),
                                                        EPHY_ABOUT_SCHEME);

  /* Handler for ephy-resource URIs; it takes no user data. */
  webkit_web_context_register_uri_scheme (priv->web_context, "ephy-resource",
                                          (WebKitURISchemeRequestCallback)ephy_resource_request_cb,
                                          NULL, NULL);

  /* Cookies are persisted in the moz-compatible SQLite format, in
     cookies.sqlite under ephy_dot_dir (). */
  cookie_manager = webkit_web_context_get_cookie_manager (priv->web_context);
  cookie_db_path = g_build_filename (ephy_dot_dir (), "cookies.sqlite", NULL);
  webkit_cookie_manager_set_persistent_storage (cookie_manager, cookie_db_path,
                                                WEBKIT_COOKIE_PERSISTENT_STORAGE_SQLITE);
  g_free (cookie_db_path);

  /* Apply the cookie accept policy stored in the web settings. */
  policy_name = g_settings_get_string (EPHY_SETTINGS_WEB,
                                       EPHY_PREFS_WEB_COOKIES_POLICY);
  ephy_embed_prefs_set_cookie_accept_policy (cookie_manager, policy_name);
  g_free (policy_name);
}