[rfc][icedtea-web] Reflectively add URLPermission to SecurityDesc if available
Andrew Azores
aazores at redhat.com
Thu Jul 3 21:14:09 UTC 2014
On 07/03/2014 05:02 PM, Omair Majid wrote:
> * Andrew Azores <aazores at redhat.com> [2014-07-03 16:55]:
>> + codebaseHost = new URI(codebase.getScheme(), codebase.getUserInfo(), codebase.getHost(), -1, null, null, null);
> Why -1 for port? This seems strange compared to the same-origin-policy.
>
> Thanks,
> Omair
>
It doesn't seem to be specified for the SocketPermission granted in
SecurityDesc either - downloadHost is just the hostname part of the
codebase URL AFAICT. So I haven't specified a port for the URLPermission
so as to not be more restrictive than the SocketPermission.
There's also this in the URLPermission docs:
> /portrange/ is used to specify a port number, or a bounded or
> unbounded range of ports that this permission applies to. If portrange
> is absent or invalid, then a default port number is assumed if the
> scheme is |http| (default 80) or |https| (default 443). No default is
> assumed for other schemes. A wildcard may be specified which means all
> ports.
Thanks,
--
Andrew A
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20140703/fae73668/attachment.html>
More information about the distro-pkg-dev
mailing list