From 0b27779c9d8c39d62c93720399b50240d679088e Mon Sep 17 00:00:00 2001
From: Florian Bruhin <me@the-compiler.org>
Date: Fri, 7 Sep 2018 12:25:07 +0200
Subject: [PATCH] Allow null initiator for qute:// URLs on Qt 5.11

Before Qt 5.11.2, for unique origins, we always got QUrl() and thus passed it
through.

With Qt 5.11.2, only missing origins (browser-initiated requests) get an empty
initiator, while unique origins get QUrl("null"):
https://codereview.qt-project.org/#/c/234849/
https://bugreports.qt.io/browse/QTBUG-69372

In theory, those should be locked down (as an unique origin is e.g. a sandboxed
iframe) and never have access to any other content.

However, thanks to a Qt bug, XHR on qute:// pages has QUrl("null") as origin as
long as the URL scheme is not registered. We can only do the registering once
Qt 5.12 is out.

Since unique origins were effectively already allowed on Qt 5.11.0/.1, we pass
them through here as well until Qt 5.12.

See #4198
---
 doc/changelog.asciidoc                               | 1 +
 qutebrowser/browser/webengine/webenginequtescheme.py | 6 +++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/doc/changelog.asciidoc b/doc/changelog.asciidoc
index b708de742..1fc848a1e 100644
--- a/doc/changelog.asciidoc
+++ b/doc/changelog.asciidoc
@@ -47,6 +47,7 @@ Changed
   DATADIR and MANDIR.
 - Various performance improvements when many tabs are opened.
 - Regenerating completion history now shows a progress dialog.
+- Make qute:// pages work properly on Qt 5.11.2
 
 Removed
 ~~~~~~~
diff --git a/qutebrowser/browser/webengine/webenginequtescheme.py b/qutebrowser/browser/webengine/webenginequtescheme.py
index b94fc3844..202482084 100644
--- a/qutebrowser/browser/webengine/webenginequtescheme.py
+++ b/qutebrowser/browser/webengine/webenginequtescheme.py
@@ -19,7 +19,7 @@
 
 """QtWebEngine specific qute://* handlers and glue code."""
 
-from PyQt5.QtCore import QBuffer, QIODevice
+from PyQt5.QtCore import QBuffer, QIODevice, QUrl
 from PyQt5.QtWebEngineCore import (QWebEngineUrlSchemeHandler,
                                    QWebEngineUrlRequestJob)
 
@@ -57,6 +57,10 @@ class QuteSchemeHandler(QWebEngineUrlSchemeHandler):
             # Added in Qt 5.11
             return True
 
+        if initiator == QUrl('null') and not qtutils.version_check('5.12'):
+            # WORKAROUND for https://bugreports.qt.io/browse/QTBUG-70421
+            return True
+
         if initiator.isValid() and initiator.scheme() != 'qute':
             log.misc.warning("Blocking malicious request from {} to {}"
                                 .format(initiator.toDisplayString(),