From 4c54ebf70fc10771dac39d5da79a9e94b1240297 Mon Sep 17 00:00:00 2001
From: Florian Bruhin <me@the-compiler.org>
Date: Sun, 17 Feb 2019 16:32:09 +0100
Subject: [PATCH] Allow unique initiator requests to qute://testdata

In tests/unit/browser/test_caret.py in the test
TestFollowSelected::test_follow_selected_with_link we follow a link from
qute://testdata/data/caret.html to qute://testdata/data/hello.txt.

For some reason, Qt 5.12 treats that as an unique/opaque origin with Qt 5.12,
causing the request to be blocked and the test to fail.

To avoid this, we now allow all opaque requests to qute://testdata URLs. This
isn't a problem because a qute://testdata handler is only registered inside
tests anyways.

See #4478
---
 .../browser/webengine/webenginequtescheme.py  | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/qutebrowser/browser/webengine/webenginequtescheme.py b/qutebrowser/browser/webengine/webenginequtescheme.py
index 816589514..821fc49dc 100644
--- a/qutebrowser/browser/webengine/webenginequtescheme.py
+++ b/qutebrowser/browser/webengine/webenginequtescheme.py
@@ -62,18 +62,33 @@ class QuteSchemeHandler(QWebEngineUrlSchemeHandler):
         """
         try:
             initiator = job.initiator()
+            request_url = job.requestUrl()
         except AttributeError:
             # Added in Qt 5.11
             return True
 
-        if initiator == QUrl('null') and not qtutils.version_check('5.12'):
+        # https://codereview.qt-project.org/#/c/234849/
+        is_opaque = initiator == QUrl('null')
+        target = request_url.scheme(), request_url.host()
+
+        if is_opaque and not qtutils.version_check('5.12'):
             # WORKAROUND for https://bugreports.qt.io/browse/QTBUG-70421
+            # When we don't register the qute:// scheme, all requests are
+            # flagged as opaque.
+            return True
+
+        if (target == ('qute', 'testdata') and
+                is_opaque and
+                qtutils.version_check('5.12')):
+            # Allow requests to qute://testdata, as this is needed in Qt 5.12
+            # for all tests to work properly. No qute://testdata handler is
+            # installed outside of tests.
             return True
 
         if initiator.isValid() and initiator.scheme() != 'qute':
             log.misc.warning("Blocking malicious request from {} to {}".format(
                 initiator.toDisplayString(),
-                job.requestUrl().toDisplayString()))
+                request_url.toDisplayString()))
             job.fail(QWebEngineUrlRequestJob.RequestDenied)
             return False