0b27779c9d
Before Qt 5.11.2, for unique origins, we always got QUrl() and thus passed it
through.
With Qt 5.11.2, only missing origins (browser-initiated requests) get an empty
initiator, while unique origins get QUrl("null"):
https://codereview.qt-project.org/#/c/234849/
https://bugreports.qt.io/browse/QTBUG-69372
In theory, those should be locked down (as an unique origin is e.g. a sandboxed
iframe) and never have access to any other content.
However, thanks to a Qt bug, XHR on qute:// pages has QUrl("null") as origin as
long as the URL scheme is not registered. We can only do the registering once
Qt 5.12 is out.
Since unique origins were effectively already allowed on Qt 5.11.0/.1, we pass
them through here as well until Qt 5.12.
See #4198
|
||
|---|---|---|
| .. | ||
| help | ||
| img | ||
| backers.asciidoc | ||
| changelog.asciidoc | ||
| contributing.asciidoc | ||
| faq.asciidoc | ||
| install.asciidoc | ||
| quickstart.asciidoc | ||
| qutebrowser.1.asciidoc | ||
| stacktrace.asciidoc | ||
| userscripts.asciidoc | ||