diff options
author | Jüri Valdmann <juri.valdmann@qt.io> | 2018-07-19 10:54:33 +0200 |
---|---|---|
committer | Jüri Valdmann <juri.valdmann@qt.io> | 2018-07-20 09:39:51 +0000 |
commit | 8f914155c4d32fd8befa01c6cc09957d082ca7fe (patch) | |
tree | 15b9d5cb0ba53e9ecceefd73c5dc7833b62167e0 /src/core/net | |
parent | 2d3afea3c0a1d56b62fbd28d0a49a64c06857eb1 (diff) |
QWebEngineUrlRequestJob: QUrl("null") for unique initiator origins
The empty URL is used both for representing a missing origin (browser-initiated
navigation request) and a unique/opaque origin. This is problematic since the
security implications are very different in these two cases: browser-initiated
requests usually should have high security clearance, while requests from unique
origins should be restricted.
Task-number: QTBUG-69372
Change-Id: Iff73fd1c9a29f1c5c281a8945536333081ff2d6b
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'src/core/net')
-rw-r--r-- | src/core/net/url_request_custom_job_proxy.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/core/net/url_request_custom_job_proxy.cpp b/src/core/net/url_request_custom_job_proxy.cpp index 6c9824bb9..526ac2f8b 100644 --- a/src/core/net/url_request_custom_job_proxy.cpp +++ b/src/core/net/url_request_custom_job_proxy.cpp @@ -158,7 +158,7 @@ void URLRequestCustomJobProxy::initialize(GURL url, std::string method, base::Op QUrl initiatorOrigin; if (initiator.has_value()) - initiatorOrigin = toQt(initiator.value().GetURL()); + initiatorOrigin = QUrl::fromEncoded(QByteArray::fromStdString(initiator.value().Serialize())); QWebEngineUrlSchemeHandler *schemeHandler = 0; QSharedPointer<const BrowserContextAdapter> browserContext = m_adapter.toStrongRef(); |