diff options
| author | Florian Bruhin <me@the-compiler.org> | 2019-02-17 16:32:09 +0100 |
|---|---|---|
| committer | Florian Bruhin <me@the-compiler.org> | 2019-02-17 17:14:58 +0100 |
| commit | 4c54ebf70fc10771dac39d5da79a9e94b1240297 (patch) | |
| tree | 1c2c988ff408ec7054e96b33892e38ea5468d5f3 | |
| parent | 152abb0d64b8c3a3c0afc8427a006e24c1b284d1 (diff) | |
| download | qutebrowser-4c54ebf70fc10771dac39d5da79a9e94b1240297.tar.gz qutebrowser-4c54ebf70fc10771dac39d5da79a9e94b1240297.zip | |
Allow unique initiator requests to qute://testdata
In tests/unit/browser/test_caret.py in the test
TestFollowSelected::test_follow_selected_with_link we follow a link from
qute://testdata/data/caret.html to qute://testdata/data/hello.txt.
For some reason, Qt 5.12 treats that as an unique/opaque origin with Qt 5.12,
causing the request to be blocked and the test to fail.
To avoid this, we now allow all opaque requests to qute://testdata URLs. This
isn't a problem because a qute://testdata handler is only registered inside
tests anyways.
See #4478
| -rw-r--r-- | qutebrowser/browser/webengine/webenginequtescheme.py | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/qutebrowser/browser/webengine/webenginequtescheme.py b/qutebrowser/browser/webengine/webenginequtescheme.py index 816589514..821fc49dc 100644 --- a/qutebrowser/browser/webengine/webenginequtescheme.py +++ b/qutebrowser/browser/webengine/webenginequtescheme.py @@ -62,18 +62,33 @@ class QuteSchemeHandler(QWebEngineUrlSchemeHandler): """ try: initiator = job.initiator() + request_url = job.requestUrl() except AttributeError: # Added in Qt 5.11 return True - if initiator == QUrl('null') and not qtutils.version_check('5.12'): + # https://codereview.qt-project.org/#/c/234849/ + is_opaque = initiator == QUrl('null') + target = request_url.scheme(), request_url.host() + + if is_opaque and not qtutils.version_check('5.12'): # WORKAROUND for https://bugreports.qt.io/browse/QTBUG-70421 + # When we don't register the qute:// scheme, all requests are + # flagged as opaque. + return True + + if (target == ('qute', 'testdata') and + is_opaque and + qtutils.version_check('5.12')): + # Allow requests to qute://testdata, as this is needed in Qt 5.12 + # for all tests to work properly. No qute://testdata handler is + # installed outside of tests. return True if initiator.isValid() and initiator.scheme() != 'qute': log.misc.warning("Blocking malicious request from {} to {}".format( initiator.toDisplayString(), - job.requestUrl().toDisplayString())) + request_url.toDisplayString())) job.fail(QWebEngineUrlRequestJob.RequestDenied) return False |