LibWeb+Browser: Add Debug menu action for toggling Same-Origin Policy

Sometimes it's useful to turn off the SOP for testing purposes.
Let's make that easy by having a Debug menu item for it. :^)
This commit is contained in:
Andreas Kling 2021-09-12 02:10:43 +02:00
parent c181494b19
commit 19de6bb1cc
Notes: sideshowbarker 2024-07-18 04:12:25 +09:00
5 changed files with 29 additions and 1 deletions

View file

@ -377,6 +377,15 @@ void BrowserWindow::build_menus()
spoof_user_agent_menu.add_action(custom_user_agent);
m_user_agent_spoof_actions.add_action(custom_user_agent);
debug_menu.add_separator();
auto same_origin_policy_action = GUI::Action::create_checkable(
"Enable Same &Origin Policy", [this](auto& action) {
active_tab().m_web_content_view->debug_request("same-origin-policy", action.is_checked() ? "on" : "off");
},
this);
same_origin_policy_action->set_checked(true);
debug_menu.add_action(same_origin_policy_action);
auto& help_menu = add_menu("&Help");
help_menu.add_action(WindowActions::the().about_action());
}

View file

@ -9,6 +9,7 @@
#include <LibWeb/HTML/BrowsingContextContainer.h>
#include <LibWeb/Origin.h>
#include <LibWeb/Page/BrowsingContext.h>
#include <LibWeb/Page/Page.h>
namespace Web::HTML {
@ -43,6 +44,10 @@ Origin BrowsingContextContainer::content_origin() const
bool BrowsingContextContainer::may_access_from_origin(const Origin& origin) const
{
if (auto* page = document().page()) {
if (!page->is_same_origin_policy_enabled())
return true;
}
return origin.is_same(content_origin());
}

View file

@ -56,11 +56,16 @@ public:
Gfx::Palette palette() const;
Gfx::IntRect screen_rect() const;
bool is_same_origin_policy_enabled() const { return m_same_origin_policy_enabled; }
void set_same_origin_policy_enabled(bool b) { m_same_origin_policy_enabled = b; }
private:
PageClient& m_client;
RefPtr<BrowsingContext> m_top_level_browsing_context;
WeakPtr<BrowsingContext> m_focused_context;
bool m_same_origin_policy_enabled { true };
};
class PageClient {

View file

@ -18,6 +18,7 @@
#include <LibWeb/HTML/EventNames.h>
#include <LibWeb/Loader/ResourceLoader.h>
#include <LibWeb/Origin.h>
#include <LibWeb/Page/Page.h>
#include <LibWeb/XHR/EventNames.h>
#include <LibWeb/XHR/ProgressEvent.h>
#include <LibWeb/XHR/XMLHttpRequest.h>
@ -172,7 +173,11 @@ DOM::ExceptionOr<void> XMLHttpRequest::send()
// TODO: Add support for preflight requests to support CORS requests
Origin request_url_origin = Origin(request_url.protocol(), request_url.host(), request_url.port());
if (!m_window->associated_document().origin().is_same(request_url_origin)) {
bool should_enforce_same_origin_policy = true;
if (auto* page = m_window->page())
should_enforce_same_origin_policy = page->is_same_origin_policy_enabled();
if (should_enforce_same_origin_policy && !m_window->associated_document().origin().is_same(request_url_origin)) {
dbgln("XHR failed to load: Same-Origin Policy violation: {} may not load {}", m_window->associated_document().url(), request_url);
auto weak_this = make_weak_ptr();
if (!weak_this)

View file

@ -207,6 +207,10 @@ void ClientConnection::debug_request(const String& request, const String& argume
if (request == "spoof-user-agent") {
Web::ResourceLoader::the().set_user_agent(argument);
}
if (request == "same-origin-policy") {
m_page_host->page().set_same_origin_policy_enabled(argument == "on");
}
}
void ClientConnection::get_source()