1 files changed, 22 insertions, 2 deletions

diff --git a/WebKit/qt/Api/qwebsecurityorigin.cpp b/WebKit/qt/Api/qwebsecurityorigin.cpp
index b69f24d..fe25d2d 100644
--- a/WebKit/qt/Api/qwebsecurityorigin.cpp
+++ b/WebKit/qt/Api/qwebsecurityorigin.cpp
@@ -48,6 +48,16 @@ using namespace WebCore;
     \c{http://www.malicious.com/evil.html} from accessing \c{http://www.example.com/}'s resources,
     because they are of a different security origin.
 
+    By default local schemes like \c{file://} and \c{qrc://} are concidered to be in the same
+    security origin, and can access each other's resources. You can add additional local schemes
+    by using QWebSecurityOrigin::addLocalScheme(), or override the default same-origin behavior
+    by setting QWebSettings::LocalContentCanAccessFileUrls to \c{false}.
+
+    \note Local resources are by default restricted from accessing remote content, which
+    means your \c{file://} will not be able to access \c{http://domain.com/foo.html}. You
+    can relax this restriction by setting QWebSettings::LocalContentCanAccessRemoteUrls to
+    \c{true}.
+
     Call QWebFrame::securityOrigin() to get the QWebSecurityOrigin for a frame in a
     web page, and use host(), scheme() and port() to identify the security origin.
 
@@ -204,7 +214,11 @@ QList<QWebDatabase> QWebSecurityOrigin::databases() const
     \since 4.6
 
     Adds the given \a scheme to the list of schemes that are considered equivalent
-    to the \c file: scheme. They are not subject to cross domain restrictions.
+    to the \c file: scheme.
+
+    Cross domain restrictions depend on the two web settings QWebSettings::LocalContentCanAccessFileUrls
+    and QWebSettings::LocalContentCanAccessFileUrls. By default all local schemes are concidered to be
+    in the same security origin, and local schemes can not access remote content.
 */
 void QWebSecurityOrigin::addLocalScheme(const QString& scheme)
 {
@@ -216,6 +230,9 @@ void QWebSecurityOrigin::addLocalScheme(const QString& scheme)
 
     Removes the given \a scheme from the list of local schemes.
 
+    \note You can not remove the \c{file://} scheme from the list
+    of local schemes.
+
     \sa addLocalScheme()
 */
 void QWebSecurityOrigin::removeLocalScheme(const QString& scheme)
@@ -225,7 +242,10 @@ void QWebSecurityOrigin::removeLocalScheme(const QString& scheme)
 
 /*!
     \since 4.6
-    Returns a list of all the schemes that were set by the application as local schemes,
+    Returns a list of all the schemes concidered to be local.
+
+    By default this is \c{file://} and \c{qrc://}.
+
     \sa addLocalScheme(), removeLocalScheme()
 */
 QStringList QWebSecurityOrigin::localSchemes()