QWebEngineUrlRequestJob: QUrl("null") for unique initiator origins

The empty URL is used both for representing a missing origin (browser-initiated navigation request) and a unique/opaque origin. This is problematic since the security implications are very different in these two cases: browser-initiated requests usually should have high security clearance, while requests from unique origins should be restricted. Task-number: QTBUG-69372 Change-Id: Iff73fd1c9a29f1c5c281a8945536333081ff2d6b Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
author: Jüri Valdmann <juri.valdmann@qt.io> 2018-07-19 10:54:33 +0200
committer: Jüri Valdmann <juri.valdmann@qt.io> 2018-07-20 09:39:51 +0000
commit: 8f914155c4d32fd8befa01c6cc09957d082ca7fe (patch)
tree: 15b9d5cb0ba53e9ecceefd73c5dc7833b62167e0 /src/core/net
parent: 2d3afea3c0a1d56b62fbd28d0a49a64c06857eb1 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/core/net/url_request_custom_job_proxy.cpp b/src/core/net/url_request_custom_job_proxy.cpp
index 6c9824bb9..526ac2f8b 100644
--- a/src/core/net/url_request_custom_job_proxy.cpp
+++ b/src/core/net/url_request_custom_job_proxy.cpp
@@ -158,7 +158,7 @@ void URLRequestCustomJobProxy::initialize(GURL url, std::string method, base::Op
 
     QUrl initiatorOrigin;
     if (initiator.has_value())
-        initiatorOrigin = toQt(initiator.value().GetURL());
+        initiatorOrigin = QUrl::fromEncoded(QByteArray::fromStdString(initiator.value().Serialize()));
 
     QWebEngineUrlSchemeHandler *schemeHandler = 0;
     QSharedPointer<const BrowserContextAdapter> browserContext = m_adapter.toStrongRef();
author	Jüri Valdmann <juri.valdmann@qt.io>	2018-07-19 10:54:33 +0200
committer	Jüri Valdmann <juri.valdmann@qt.io>	2018-07-20 09:39:51 +0000
commit	8f914155c4d32fd8befa01c6cc09957d082ca7fe (patch)
tree	15b9d5cb0ba53e9ecceefd73c5dc7833b62167e0 /src/core/net
parent	2d3afea3c0a1d56b62fbd28d0a49a64c06857eb1 (diff)