Add AllowGeolocationOnInsecureOrigins setting

This provides a way to restore earlier QtWebEngine behavior where
geolocation was possible from all origins.

[ChangeLog][Settings] Added setting to again allow insecure origins
to request geolocation.

Change-Id: I043fb7a36a56fa5acc1740d52a50b9d7ff49a2c5
Reviewed-by: Michael Brüning <michael.bruning@qt.io>

8 files changed, 42 insertions, 2 deletions

diff --git a/src/core/web_engine_settings.cpp b/src/core/web_engine_settings.cpp
index c17177745..57813a82f 100644
--- a/src/core/web_engine_settings.cpp
+++ b/src/core/web_engine_settings.cpp
@@ -242,6 +242,7 @@ void WebEngineSettings::initDefaults(bool offTheRecord)
         s_defaultAttributes.insert(FocusOnNavigationEnabled, true);
         s_defaultAttributes.insert(PrintElementBackgrounds, true);
         s_defaultAttributes.insert(AllowRunningInsecureContent, allowRunningInsecureContent);
+        s_defaultAttributes.insert(AllowGeolocationOnInsecureOrigins, false);
     }
     if (offTheRecord)
         m_attributes.insert(LocalStorageEnabled, false);
@@ -320,6 +321,7 @@ void WebEngineSettings::applySettingsToWebPreferences(content::WebPreferences *p
     prefs->experimental_webgl_enabled = testAttribute(WebGLEnabled);
     prefs->should_print_backgrounds = testAttribute(PrintElementBackgrounds);
     prefs->allow_running_insecure_content = testAttribute(AllowRunningInsecureContent);
+    prefs->allow_geolocation_on_insecure_origins = testAttribute(AllowGeolocationOnInsecureOrigins);
 
     // Fonts settings.
     prefs->standard_font_family_map[content::kCommonScript] = toString16(fontFamily(StandardFont));
diff --git a/src/core/web_engine_settings.h b/src/core/web_engine_settings.h
index 8459ba75b..4b0ce7b39 100644
--- a/src/core/web_engine_settings.h
+++ b/src/core/web_engine_settings.h
@@ -82,7 +82,8 @@ public:
         TouchIconsEnabled,
         FocusOnNavigationEnabled,
         PrintElementBackgrounds,
-        AllowRunningInsecureContent
+        AllowRunningInsecureContent,
+        AllowGeolocationOnInsecureOrigins
     };
 
     // Must match the values from the public API in qwebenginesettings.h.
diff --git a/src/webengine/api/qquickwebenginesettings.cpp b/src/webengine/api/qquickwebenginesettings.cpp
index 09bf2708e..ac01d9cd6 100644
--- a/src/webengine/api/qquickwebenginesettings.cpp
+++ b/src/webengine/api/qquickwebenginesettings.cpp
@@ -347,6 +347,21 @@ bool QQuickWebEngineSettings::allowRunningInsecureContent() const
 }
 
 /*!
+  \qmlproperty bool WebEngineSettings::allowGeolocationOnInsecureOrigins
+  \since QtWebEngine 1.5
+
+  Since Qt 5.7, only secure origins such as HTTPS have been able to request
+  Geolocation features. This provides an override to allow non secure
+  origins to access Geolocation again.
+
+  Disabled by default.
+*/
+bool QQuickWebEngineSettings::allowGeolocationOnInsecureOrigins() const
+{
+    return d_ptr->testAttribute(WebEngineSettings::AllowGeolocationOnInsecureOrigins);
+}
+
+/*!
     \qmlproperty string WebEngineSettings::defaultTextEncoding
     \since QtWebEngine 1.2
 
@@ -540,6 +555,14 @@ void QQuickWebEngineSettings::setAllowRunningInsecureContent(bool on)
         Q_EMIT allowRunningInsecureContentChanged();
 }
 
+void QQuickWebEngineSettings::setAllowGeolocationOnInsecureOrigins(bool on)
+{
+    bool wasOn = d_ptr->testAttribute(WebEngineSettings::AllowGeolocationOnInsecureOrigins);
+    d_ptr->setAttribute(WebEngineSettings::AllowGeolocationOnInsecureOrigins, on);
+    if (wasOn != on)
+        Q_EMIT allowGeolocationOnInsecureOriginsChanged();
+}
+
 void QQuickWebEngineSettings::setParentSettings(QQuickWebEngineSettings *parentSettings)
 {
     d_ptr->setParentSettings(parentSettings->d_ptr.data());
diff --git a/src/webengine/api/qquickwebenginesettings_p.h b/src/webengine/api/qquickwebenginesettings_p.h
index a53c7cdb3..a2d4f1f96 100644
--- a/src/webengine/api/qquickwebenginesettings_p.h
+++ b/src/webengine/api/qquickwebenginesettings_p.h
@@ -85,6 +85,7 @@ class Q_WEBENGINE_PRIVATE_EXPORT QQuickWebEngineSettings : public QObject {
     Q_PROPERTY(bool focusOnNavigationEnabled READ focusOnNavigationEnabled WRITE setFocusOnNavigationEnabled NOTIFY focusOnNavigationEnabledChanged REVISION 3)
     Q_PROPERTY(bool printElementBackgrounds READ printElementBackgrounds WRITE setPrintElementBackgrounds NOTIFY printElementBackgroundsChanged REVISION 3)
     Q_PROPERTY(bool allowRunningInsecureContent READ allowRunningInsecureContent WRITE setAllowRunningInsecureContent NOTIFY allowRunningInsecureContentChanged REVISION 3)
+    Q_PROPERTY(bool allowGeolocationOnInsecureOrigins READ allowGeolocationOnInsecureOrigins WRITE setAllowGeolocationOnInsecureOrigins NOTIFY allowGeolocationOnInsecureOriginsChanged REVISION 4 FINAL)
 
 public:
     ~QQuickWebEngineSettings();
@@ -111,6 +112,7 @@ public:
     bool focusOnNavigationEnabled() const;
     bool printElementBackgrounds() const;
     bool allowRunningInsecureContent() const;
+    bool allowGeolocationOnInsecureOrigins() const;
 
     void setAutoLoadImages(bool on);
     void setJavascriptEnabled(bool on);
@@ -134,6 +136,7 @@ public:
     void setFocusOnNavigationEnabled(bool on);
     void setPrintElementBackgrounds(bool on);
     void setAllowRunningInsecureContent(bool on);
+    void setAllowGeolocationOnInsecureOrigins(bool on);
 
 signals:
     void autoLoadImagesChanged();
@@ -158,6 +161,7 @@ signals:
     Q_REVISION(3) void focusOnNavigationEnabledChanged();
     Q_REVISION(3) void printElementBackgroundsChanged();
     Q_REVISION(3) void allowRunningInsecureContentChanged();
+    Q_REVISION(4) void allowGeolocationOnInsecureOriginsChanged();
 
 private:
     explicit QQuickWebEngineSettings(QQuickWebEngineSettings *parentSettings = 0);
diff --git a/src/webengine/plugin/plugin.cpp b/src/webengine/plugin/plugin.cpp
index 0fd2087d4..f8f790061 100644
--- a/src/webengine/plugin/plugin.cpp
+++ b/src/webengine/plugin/plugin.cpp
@@ -103,6 +103,7 @@ public:
         qmlRegisterUncreatableType<QQuickWebEngineSettings, 1>(uri, 1, 2, "WebEngineSettings", tr("Cannot create a separate instance of WebEngineSettings"));
         qmlRegisterUncreatableType<QQuickWebEngineSettings, 2>(uri, 1, 3, "WebEngineSettings", tr("Cannot create a separate instance of WebEngineSettings"));
         qmlRegisterUncreatableType<QQuickWebEngineSettings, 3>(uri, 1, 4, "WebEngineSettings", tr("Cannot create a separate instance of WebEngineSettings"));
+        qmlRegisterUncreatableType<QQuickWebEngineSettings, 4>(uri, 1, 5, "WebEngineSettings", tr("Cannot create a separate instance of WebEngineSettings"));
         qmlRegisterSingletonType<QQuickWebEngineSingleton>(uri, 1, 1, "WebEngine", webEngineSingletonProvider);
         qmlRegisterUncreatableType<QQuickWebEngineHistory>(uri, 1, 1, "NavigationHistory",
             tr("Cannot create a separate instance of NavigationHistory"));
diff --git a/src/webenginewidgets/api/qwebenginesettings.cpp b/src/webenginewidgets/api/qwebenginesettings.cpp
index 50002e3e6..08d24376a 100644
--- a/src/webenginewidgets/api/qwebenginesettings.cpp
+++ b/src/webenginewidgets/api/qwebenginesettings.cpp
@@ -95,6 +95,8 @@ static WebEngineSettings::Attribute toWebEngineAttribute(QWebEngineSettings::Web
         return WebEngineSettings::PrintElementBackgrounds;
     case QWebEngineSettings::AllowRunningInsecureContent:
         return WebEngineSettings::AllowRunningInsecureContent;
+    case QWebEngineSettings::AllowGeolocationOnInsecureOrigins:
+        return WebEngineSettings::AllowGeolocationOnInsecureOrigins;
 
     default:
         return WebEngineSettings::UnsupportedInCoreSettings;
diff --git a/src/webenginewidgets/api/qwebenginesettings.h b/src/webenginewidgets/api/qwebenginesettings.h
index e3fb83ff5..73995a457 100644
--- a/src/webenginewidgets/api/qwebenginesettings.h
+++ b/src/webenginewidgets/api/qwebenginesettings.h
@@ -88,7 +88,8 @@ public:
         TouchIconsEnabled,
         FocusOnNavigationEnabled,
         PrintElementBackgrounds,
-        AllowRunningInsecureContent
+        AllowRunningInsecureContent,
+        AllowGeolocationOnInsecureOrigins
     };
 
     enum FontSize {
diff --git a/src/webenginewidgets/doc/src/qwebenginesettings_lgpl.qdoc b/src/webenginewidgets/doc/src/qwebenginesettings_lgpl.qdoc
index 07afd6501..1919d6ea7 100644
--- a/src/webenginewidgets/doc/src/qwebenginesettings_lgpl.qdoc
+++ b/src/webenginewidgets/doc/src/qwebenginesettings_lgpl.qdoc
@@ -160,6 +160,12 @@
             web-sockets from HTTP URLs. This provides an override to get
             the old insecure behavior.
             Disabled by default. (Added in Qt 5.8)
+    \value  AllowGeolocationOnInsecureOrigins
+            Since Qt 5.7, only secure origins such as HTTPS have been able to request
+            Geolocation features. This provides an override to allow non secure
+            origins to access Geolocation again.
+            Disabled by default. (Added in Qt 5.9)
+
 */
 
 /*!