|
|
* Adjust your meson.build to depend on WebKitGTK 2.26.0.
|
|
|
* If your application creates its own `WebKitWebContext`, call `webkit_web_context_set_sandbox_enabled()` on it.
|
|
|
* If your application does not create its own `WebKitWebContext`, then it uses the default web context. Use `webkit_web_context_get_default()` and call `webkit_web_context_set_sandbox_enabled()` on it.
|
|
|
* Perform a basic functionality test to sanity-check that the sandbox has not broken major app functionality. The vast majority of applications should not notice any issues. Applications that attempt to access file:/// URIs from a web process extension will break.
|
|
|
* Perform a basic functionality test to sanity-check that the sandbox has not broken major app functionality. The vast majority of applications should not notice any issues.
|
|
|
* Applications that attempt to access file:/// URIs from a web process extension will break. You will need to either mount the directory containing the desired file inside the sandbox, or rearchitect the application. [Example.](https://gitlab.gnome.org/GNOME/epiphany/-/commit/a2b73274280efa067632ec0dfedb3fcc7a41f8fe) Note that most applications only load files via the UI process using webkit_web_view_load_url(); such loads will work fine because they are managed by the unsandboxed network process, so whitelisting is not required.
|
|
|
* [Example](https://gitlab.gnome.org/GNOME/gnome-initial-setup/-/merge_requests/87/diffs)
|
|
|
* [Tracking issue](https://gitlab.gnome.org/GNOME/Initiatives/-/issues/19) |
|
|
\ No newline at end of file |