diff options
author | Jüri Valdmann <juri.valdmann@qt.io> | 2018-10-17 10:35:31 +0200 |
---|---|---|
committer | Jüri Valdmann <juri.valdmann@qt.io> | 2018-10-18 09:45:25 +0000 |
commit | 098680710ad3db2e9bd62928a9e2fb1c7cb8c4a9 (patch) | |
tree | e2ff2f318f569eceb4457aaf35a95bd8774e1151 /src | |
parent | 69d8370f5440854c23d20648c9d35096c12426fe (diff) |
Allow XMLHttpRequests from qrc to file
Add test for cross origin XMLHttpRequests from/to custom schemes. By default,
this is not allowed, but can be changed by adding an origin access whitelist
entry to blink::WebSecurityPolicy in the renderer.
Do this for the qrc scheme. As a result SecurityOrigin("qrc").CanRequest("file")
will return true, which makes DocumentThreadableLoader::Start disable CORS for
the request. Otherwise, CORS would be used, which only works with CORS enabled
schemes.
Fixes: QTBUG-70228
Change-Id: I2da60fddbbfb490c6d2f03329be286dbc28e1f12
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'src')
-rw-r--r-- | src/core/renderer/content_renderer_client_qt.cpp | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/core/renderer/content_renderer_client_qt.cpp b/src/core/renderer/content_renderer_client_qt.cpp index 76baf131b..3eda3993a 100644 --- a/src/core/renderer/content_renderer_client_qt.cpp +++ b/src/core/renderer/content_renderer_client_qt.cpp @@ -69,6 +69,8 @@ #include "services/service_manager/public/cpp/service_context.h" #include "third_party/blink/public/platform/web_url_error.h" #include "third_party/blink/public/platform/web_url_request.h" +#include "third_party/blink/public/web/web_security_policy.h" +#include "third_party/blink/renderer/platform/weborigin/kurl.h" #include "ui/base/resource/resource_bundle.h" #include "ui/base/webui/jstemplate_builder.h" #include "content/public/common/web_preferences.h" @@ -131,6 +133,11 @@ void ContentRendererClientQt::RenderThreadStarted() if (!m_spellCheck) InitSpellCheck(); #endif + + // Allow XMLHttpRequests from qrc to file. + blink::WebURL qrc(blink::KURL("qrc:")); + blink::WebString file(blink::WebString::FromASCII("file")); + blink::WebSecurityPolicy::AddOriginAccessWhitelistEntry(qrc, file, blink::WebString(), true); } void ContentRendererClientQt::RenderViewCreated(content::RenderView* render_view) |