diff options
author | Allan Sandfeld Jensen <allan.jensen@theqtcompany.com> | 2015-01-22 11:30:24 +0100 |
---|---|---|
committer | Jocelyn Turcotte <jocelyn.turcotte@digia.com> | 2015-01-22 17:55:41 +0100 |
commit | 4c724c022664286191558803632d45cd28749ae4 (patch) | |
tree | 128ac4e844990fa1d85dfca446d54baf62918f7a /src/core/web_contents_delegate_qt.h | |
parent | b6c905a0616f3ed22e553171ad4f5667c1250941 (diff) |
Improve geolocation permission security
Ensure we only grant permission to the origin the user replied to,
otherwise we might get a race exploit.
Change-Id: I4f737148f4e41432c160b81c324531e9cde0edc6
Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
Diffstat (limited to 'src/core/web_contents_delegate_qt.h')
-rw-r--r-- | src/core/web_contents_delegate_qt.h | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/core/web_contents_delegate_qt.h b/src/core/web_contents_delegate_qt.h index 2a541a768..c57a2fc67 100644 --- a/src/core/web_contents_delegate_qt.h +++ b/src/core/web_contents_delegate_qt.h @@ -92,11 +92,16 @@ public: void overrideWebPreferences(content::WebContents *, content::WebPreferences*); void allowCertificateError(const QExplicitlySharedDataPointer<CertificateErrorController> &) ; void requestGeolocationPermission(const GURL &requestingFrameOrigin, base::Callback<void (bool)> resultCallback); + void geolocationPermissionReply(const QUrl&, bool permission); - base::Callback<void (bool)> m_lastGeolocationRequestCallback; private: WebContentsAdapter *createWindow(content::WebContents *new_contents, WindowOpenDisposition disposition, const gfx::Rect& initial_pos, bool user_gesture); + struct { + QUrl url; + base::Callback<void (bool)> callback; + } m_lastGeolocationPermissionRequest; + WebContentsAdapterClient *m_viewClient; QString m_lastSearchedString; int m_lastReceivedFindReply; |