diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/core/api/qwebengineurlrequestjob.cpp | 21 | ||||
-rw-r--r-- | src/core/net/url_request_custom_job_proxy.cpp | 2 |
2 files changed, 19 insertions, 4 deletions
diff --git a/src/core/api/qwebengineurlrequestjob.cpp b/src/core/api/qwebengineurlrequestjob.cpp index c028a1167..f741b88e8 100644 --- a/src/core/api/qwebengineurlrequestjob.cpp +++ b/src/core/api/qwebengineurlrequestjob.cpp @@ -115,9 +115,24 @@ QByteArray QWebEngineUrlRequestJob::requestMethod() const /*! \since 5.11 - Returns the origin URL of the content that initiated the request. If the - request was not initiated by web content the function will return an - empty QUrl. + Returns the serialized origin of the content that initiated the request. + + Generally, the origin consists of a scheme, hostname, and port. For example, + \c "http://localhost:8080" would be a valid origin. The port is omitted if + it is the scheme's default port (80 for \c http, 443 for \c https). The + hostname is omitted for non-network schemes such as \c file and \c qrc. + + However, there is also the special value \c "null" representing a unique + origin. It is, for example, the origin of a sandboxed iframe. The purpose of + this special origin is to be always different from all other origins in the + same-origin check. In other words, content with a unique origin should never + have privileged access to any other content. + + Finally, if the request was not initiated by web content, the function will + return an empty QUrl. This happens, for example, when you call \l + QWebEnginePage::setUrl(). + + This value can be used for implementing secure cross-origin checks. */ QUrl QWebEngineUrlRequestJob::initiator() const { diff --git a/src/core/net/url_request_custom_job_proxy.cpp b/src/core/net/url_request_custom_job_proxy.cpp index 6c9824bb9..526ac2f8b 100644 --- a/src/core/net/url_request_custom_job_proxy.cpp +++ b/src/core/net/url_request_custom_job_proxy.cpp @@ -158,7 +158,7 @@ void URLRequestCustomJobProxy::initialize(GURL url, std::string method, base::Op QUrl initiatorOrigin; if (initiator.has_value()) - initiatorOrigin = toQt(initiator.value().GetURL()); + initiatorOrigin = QUrl::fromEncoded(QByteArray::fromStdString(initiator.value().Serialize())); QWebEngineUrlSchemeHandler *schemeHandler = 0; QSharedPointer<const BrowserContextAdapter> browserContext = m_adapter.toStrongRef(); |