Merge remote-tracking branch 'origin/5.6' into dev

Conflicts:
	tests/auto/widgets/qwebengineprofile/tst_qwebengineprofile.cpp
	tests/auto/widgets/widgets.pro

Change-Id: Id9444359ed2e35d469331db96a355c9ea2d095d5

1 files changed, 8 insertions, 1 deletions

diff --git a/src/webenginewidgets/doc/src/qwebenginesettings_lgpl.qdoc b/src/webenginewidgets/doc/src/qwebenginesettings_lgpl.qdoc
index 6b518a1f2..461af086a 100644
--- a/src/webenginewidgets/doc/src/qwebenginesettings_lgpl.qdoc
+++ b/src/webenginewidgets/doc/src/qwebenginesettings_lgpl.qdoc
@@ -101,7 +101,14 @@
     \value  LocalStorageEnabled
             Enables support for the HTML 5 local storage feature. Enabled by default.
     \value  LocalContentCanAccessRemoteUrls
-            Allows locally loaded documents to access remote URLs. Disabled by default.
+            Allows locally loaded documents to ignore cross-origin rules so that they can access
+            remote resources that would normally be blocked, because all remote resources are
+            considered cross-origin for a local file. Remote access that would not be blocked by
+            cross-origin rules is still possible when this setting is disabled (default).
+            Note that disabling this setting does not stop XMLHttpRequests or media elements in
+            local files from accessing remote content. Basically, it only stops some HTML
+            subresources, such as scripts, and therefore disabling this setting is not a safety
+            mechanism.
     \value  XSSAuditingEnabled
             Monitors load requests for cross-site scripting attempts. Suspicious scripts are blocked
             and reported in the inspector's JavaScript console. Disabled by default, because it