summaryrefslogtreecommitdiffstats
path: root/src/core/api/qwebengineurlrequestjob.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/core/api/qwebengineurlrequestjob.cpp')
-rw-r--r--src/core/api/qwebengineurlrequestjob.cpp26
1 files changed, 21 insertions, 5 deletions
diff --git a/src/core/api/qwebengineurlrequestjob.cpp b/src/core/api/qwebengineurlrequestjob.cpp
index c028a1167..c3541598b 100644
--- a/src/core/api/qwebengineurlrequestjob.cpp
+++ b/src/core/api/qwebengineurlrequestjob.cpp
@@ -115,9 +115,24 @@ QByteArray QWebEngineUrlRequestJob::requestMethod() const
/*!
\since 5.11
- Returns the origin URL of the content that initiated the request. If the
- request was not initiated by web content the function will return an
- empty QUrl.
+ Returns the serialized origin of the content that initiated the request.
+
+ Generally, the origin consists of a scheme, hostname, and port. For example,
+ \c "http://localhost:8080" would be a valid origin. The port is omitted if
+ it is the scheme's default port (80 for \c http, 443 for \c https). The
+ hostname is omitted for non-network schemes such as \c file and \c qrc.
+
+ However, there is also the special value \c "null" representing a unique
+ origin. It is, for example, the origin of a sandboxed iframe. The purpose of
+ this special origin is to be always different from all other origins in the
+ same-origin check. In other words, content with a unique origin should never
+ have privileged access to any other content.
+
+ Finally, if the request was not initiated by web content, the function will
+ return an empty QUrl. This happens, for example, when you call \l
+ QWebEnginePage::setUrl().
+
+ This value can be used for implementing secure cross-origin checks.
*/
QUrl QWebEngineUrlRequestJob::initiator() const
{
@@ -136,9 +151,10 @@ QUrl QWebEngineUrlRequestJob::initiator() const
The device should remain available at least as long as the job exists.
When calling this method with a newly constructed device, one solution is to
- make the device delete itself when closed, like this:
+ make the device as a child of the job or delete itself when job is deleted,
+ like this:
\code
- connect(device, &QIODevice::aboutToClose, device, &QObject::deleteLater);
+ connect(job, &QObject::destroyed, device, &QObject::deleteLater);
\endcode
*/
void QWebEngineUrlRequestJob::reply(const QByteArray &contentType, QIODevice *device)
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-07 05:37:35 +0000