I would like to know how and in which code module the Same Origin Policy for JavaScript is implemented in Google Chrome (V8). In Mozilla Firefox, the JS Engine (SpiderMonkey) has the provision of registering callback functions that implement the Same Origin Policy check. Specifically, this is done in the caps/nsScriptSecurityManager module, which walks the JavaScript runtime stack to find the appropriate principals. In V8's documentation, there is a small hint that V8 has "JavaScript Contexts" and each context has "different origins". Can anyone please point me to the specific code modules where these access checks are implemented in Chrome? I am trying to figure out how Google Chrome extensions leverage the Same Origin Policy.
1 Answer
I filed a bug report on a Chrome bug in CORS and was told, in response, that all the code lives in WebKit.

bmargulies