diff options
author | Michael BrĂ¼ning <michael.bruning@qt.io> | 2018-08-20 16:26:03 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2018-08-21 15:18:19 +0200 |
commit | be18c1dcfa68328acdf11e0a534749d9a5d75f8b (patch) | |
tree | 53a7b347d2771f4502338ac973a80a37edacdee7 /src/core/api | |
parent | b74e93a9b07243da4f3d2784cde49916de455364 (diff) | |
parent | e56dd7e37ea96c4ba1354e319bdaa9d01c401747 (diff) |
Merge remote-tracking branch 'origin/5.11' into 5.12
Conflicts:
.qmake.conf
configure.json
examples/webenginewidgets/markdowneditor/resources/3rdparty/marked.js
examples/webenginewidgets/markdowneditor/resources/3rdparty/qt_attribution.json
examples/webenginewidgets/markdowneditor/resources/markdowneditor.qrc
mkspecs/features/platform.prf
src/3rdparty
src/core/media_capture_devices_dispatcher.cpp
src/core/net/url_request_context_getter_qt.cpp
src/core/net/url_request_context_getter_qt.h
src/core/web_contents_adapter.cpp
Change-Id: I467133ba455b1f85f6bb61793794c31cb1094541
Diffstat (limited to 'src/core/api')
-rw-r--r-- | src/core/api/qwebengineurlrequestjob.cpp | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/src/core/api/qwebengineurlrequestjob.cpp b/src/core/api/qwebengineurlrequestjob.cpp index c028a1167..c3541598b 100644 --- a/src/core/api/qwebengineurlrequestjob.cpp +++ b/src/core/api/qwebengineurlrequestjob.cpp @@ -115,9 +115,24 @@ QByteArray QWebEngineUrlRequestJob::requestMethod() const /*! \since 5.11 - Returns the origin URL of the content that initiated the request. If the - request was not initiated by web content the function will return an - empty QUrl. + Returns the serialized origin of the content that initiated the request. + + Generally, the origin consists of a scheme, hostname, and port. For example, + \c "http://localhost:8080" would be a valid origin. The port is omitted if + it is the scheme's default port (80 for \c http, 443 for \c https). The + hostname is omitted for non-network schemes such as \c file and \c qrc. + + However, there is also the special value \c "null" representing a unique + origin. It is, for example, the origin of a sandboxed iframe. The purpose of + this special origin is to be always different from all other origins in the + same-origin check. In other words, content with a unique origin should never + have privileged access to any other content. + + Finally, if the request was not initiated by web content, the function will + return an empty QUrl. This happens, for example, when you call \l + QWebEnginePage::setUrl(). + + This value can be used for implementing secure cross-origin checks. */ QUrl QWebEngineUrlRequestJob::initiator() const { @@ -136,9 +151,10 @@ QUrl QWebEngineUrlRequestJob::initiator() const The device should remain available at least as long as the job exists. When calling this method with a newly constructed device, one solution is to - make the device delete itself when closed, like this: + make the device as a child of the job or delete itself when job is deleted, + like this: \code - connect(device, &QIODevice::aboutToClose, device, &QObject::deleteLater); + connect(job, &QObject::destroyed, device, &QObject::deleteLater); \endcode */ void QWebEngineUrlRequestJob::reply(const QByteArray &contentType, QIODevice *device) |