diff options
| author | Szabolcs David <davidsz@inf.u-szeged.hu> | 2023-05-16 14:07:08 +0200 |
|---|---|---|
| committer | Szabolcs David <davidsz@inf.u-szeged.hu> | 2023-06-01 00:18:20 +0200 |
| commit | 2b9f7fe3e511c22ff258c94ed618727f90858298 (patch) | |
| tree | 02d17a4295306d8a880d8b531fe88bda65e2efd5 /src/core/net | |
| parent | 1aa2a71e33bf53b08f041e2d0b504b56bb4e825e (diff) | |
Improve LocalContentCanAccess(File/Remote)Urls settings
Do not prevent access to files when users navigate by user gesture,
reload, or navigate the main frame back and forward in history.
Task-number: QTBUG-113413
Task-number: QTBUG-113485
Change-Id: I942362f7048618dac7a067c8713285deb4ca06f5
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'src/core/net')
| -rw-r--r-- | src/core/net/proxying_url_loader_factory_qt.cpp | 29 |
1 files changed, 17 insertions, 12 deletions
diff --git a/src/core/net/proxying_url_loader_factory_qt.cpp b/src/core/net/proxying_url_loader_factory_qt.cpp index aa333ae02..4e40f9fc8 100644 --- a/src/core/net/proxying_url_loader_factory_qt.cpp +++ b/src/core/net/proxying_url_loader_factory_qt.cpp @@ -317,18 +317,25 @@ void InterceptedRequest::Restart() { DCHECK_CURRENTLY_ON(content::BrowserThread::UI); + bool granted_special_access = false; + auto navigationType = toQt(pageTransitionToNavigationType(ui::PageTransition(request_.transition_type))); + switch (navigationType) { + case QWebEngineUrlRequestInfo::NavigationTypeLink: + case QWebEngineUrlRequestInfo::NavigationTypeTyped: + if (blink::mojom::ResourceType(request_.resource_type) == blink::mojom::ResourceType::kMainFrame && request_.has_user_gesture) + granted_special_access = true; // allow normal explicit navigation + break; + case QWebEngineUrlRequestInfo::NavigationTypeBackForward: + case QWebEngineUrlRequestInfo::NavigationTypeReload: + if (blink::mojom::ResourceType(request_.resource_type) == blink::mojom::ResourceType::kMainFrame) + granted_special_access = true; + break; + default: + break; + } + // Check if non-local access is allowed if (!allow_remote_ && remote_access_) { - bool granted_special_access = false; - switch (ui::PageTransition(request_.transition_type)) { - case ui::PAGE_TRANSITION_LINK: - case ui::PAGE_TRANSITION_TYPED: - if (blink::mojom::ResourceType(request_.resource_type) == blink::mojom::ResourceType::kMainFrame && request_.has_user_gesture) - granted_special_access = true; // allow normal explicit navigation - break; - default: - break; - } if (!granted_special_access) { target_client_->OnComplete(network::URLLoaderCompletionStatus(net::ERR_NETWORK_ACCESS_DENIED)); delete this; @@ -338,7 +345,6 @@ void InterceptedRequest::Restart() // Check if local access is allowed if (!allow_local_ && local_access_) { - bool granted_special_access = false; // Check for specifically granted file access: if (auto *frame_tree = content::FrameTreeNode::GloballyFindByID(frame_tree_node_id_)) { const int renderer_id = frame_tree->current_frame_host()->GetProcess()->GetID(); @@ -365,7 +371,6 @@ void InterceptedRequest::Restart() } auto resourceType = toQt(blink::mojom::ResourceType(request_.resource_type)); - auto navigationType = toQt(pageTransitionToNavigationType(ui::PageTransition(request_.transition_type))); const QUrl originalUrl = toQt(request_.url); const QUrl initiator = request_.request_initiator.has_value() ? toQt(request_.request_initiator->GetURL()) : QUrl(); |