I have a custom webkit based application where I'd like to be able
to fetch local media resources from within html pages coming from a
server.
Of course when I tried this I ended up with an error 'Not allowed
to load local resources'. Is there an easy way to allow this within
my own application?
Generally this is a dangerous direction to go in. With a man in the
middle attack, someone could give you malicious content, and because
you gave this content special privileges, it could get at any file
on your user's computer.
Generally it's safer to come up with a way for the remote page to
get special resources rather than trying to turn off the local
resource security machinery entirely.
I was just trying every angle I could think of. The app isn't publicly
available and it really only visits a single URL it is given. I think
the risk of any sort of attack against it would be low. I just wanted
to be able to serve up some high bandwidth flash files locally to a
bunch of test computers. The clients did not want to set up a local
web server to serve up the files either.
As far as I could tell it would require calling
FrameLoader::setRestrictAccessToLocal(false) in WebCore which seems
to be a bit difficult in itself. If I build WebCore myself and
include it in my project and then include FrameLoader I still get
errors because of the private headers FrameLoader.h includes. I
guess I could keep going down this path and include the private
headers folder in WebCore but this doesn't seem like the way to go.
This is not the way to go.
Good, because it wasn't going well. :-)
The other option I figured might work would be to create a custom
protocol that webkit would think is non-local (say localfile://)
and then read the file from the local filesystem myself. Is this
the better way to go? This is an app we have complete control over
the pages it views so using a custom protocol is doable.
That seems like a good option.
It would be a good option if it worked - I absolutely cannot get the
flash plugin to play content that is loaded from a custom protocol. I
even compiled webkit so I could see the debugging from the plugin and
it isn't reporting any errors.
I first tried loading a page http://localhost/testing.html that had a
reference like <embed src="localfile://path/to/file"> and that did not
work. My custom protocol did load the data and hand it back to the
client but nothing was ever displayed. Then I found an older msg on
the list that said this wouldn't work - that the protocols had to match.
So I tried to be more clever and registered a custom protocol that
just looked for certain paths like <embed src="/localfile/path/to/
file"> and then loaded the data - so on the surface everything looks
like it is just using http coming from the same server. It didn't work
either. Same result as above. Does the flash plugin really have any
idea that two different protocol handlers took care of loading the
main page and then the flash content itself? It seems so because I
really figured this way would work just fine.
todd
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webkitsdk-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
