diff options
Diffstat (limited to 'src/webenginewidgets/doc')
-rw-r--r-- | src/webenginewidgets/doc/src/qwebenginesettings_lgpl.qdoc | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/webenginewidgets/doc/src/qwebenginesettings_lgpl.qdoc b/src/webenginewidgets/doc/src/qwebenginesettings_lgpl.qdoc index 3dc23e037..df85c39fb 100644 --- a/src/webenginewidgets/doc/src/qwebenginesettings_lgpl.qdoc +++ b/src/webenginewidgets/doc/src/qwebenginesettings_lgpl.qdoc @@ -99,7 +99,14 @@ \value LocalStorageEnabled Enables support for the HTML 5 local storage feature. Enabled by default. \value LocalContentCanAccessRemoteUrls - Allows locally loaded documents to access remote URLs. Disabled by default. + Allows locally loaded documents to ignore cross-origin rules so that they can access + remote resources that would normally be blocked, because all remote resources are + considered cross-origin for a local file. Remote access that would not be blocked by + cross-origin rules is still possible when this setting is disabled (default). + Note that disabling this setting does not stop XMLHttpRequests or media elements in + local files from accessing remote content. Basically, it only stops some HTML + subresources, such as scripts, and therefore disabling this setting is not a safety + mechanism. \value XSSAuditingEnabled Monitors load requests for cross-site scripting attempts. Suspicious scripts are blocked and reported in the inspector's JavaScript console. Disabled by default, because it |