Normalize URLs for permission requests

Permission requests are for an entire origin (scheme/host/port), not a specific part. Make that clear by removing any uneeded information and also removing the trailing /.
author: Florian Bruhin <me@the-compiler.org> 2019-07-10 18:31:31 +0200
committer: Florian Bruhin <me@the-compiler.org> 2019-07-10 18:31:31 +0200
commit: 392bb2fdec44b559ae1587cb5f236c0de92151f7 (patch)
tree: d98b649a3f7700267004f46d4f0ee19966a798bd
parent: 7c3d45f3b371266943e18c8581718ec04d0b7cfb (diff)
download: qutebrowser-392bb2fdec44b559ae1587cb5f236c0de92151f7.tar.gz
qutebrowser-392bb2fdec44b559ae1587cb5f236c0de92151f7.zip
3 files changed, 12 insertions, 7 deletions
diff --git a/qutebrowser/browser/webengine/webenginetab.py b/qutebrowser/browser/webengine/webenginetab.py
index 6046b0a02..ac23a5804 100644
--- a/qutebrowser/browser/webengine/webenginetab.py
+++ b/qutebrowser/browser/webengine/webenginetab.py
@@ -827,7 +827,7 @@ class _WebEnginePermissions(QObject):
             QWebEnginePage.PermissionDeniedByUser)
 
         question = shared.feature_permission(
-            url=url,
+            url=url.adjusted(QUrl.RemovePath),
             option=self._options[feature], msg=self._messages[feature],
             yes_action=yes_action, no_action=no_action,
             abort_on=[self._tab.abort_questions])
@@ -854,7 +854,7 @@ class _WebEnginePermissions(QObject):
     def _on_quota_requested(self, request):
         size = utils.format_size(request.requestedSize())
         shared.feature_permission(
-            url=request.origin(),
+            url=request.origin().adjusted(QUrl.RemovePath),
             option='content.persistent_storage',
             msg='use {} of persistent storage'.format(size),
             yes_action=request.accept, no_action=request.reject,
@@ -863,7 +863,7 @@ class _WebEnginePermissions(QObject):
 
     def _on_register_protocol_handler_requested(self, request):
         shared.feature_permission(
-            url=request.origin(),
+            url=request.origin().adjusted(QUrl.RemovePath),
             option='content.register_protocol_handler',
             msg='open all {} links'.format(request.scheme()),
             yes_action=request.accept, no_action=request.reject,
diff --git a/qutebrowser/browser/webkit/webpage.py b/qutebrowser/browser/webkit/webpage.py
index 1b4b85c65..f591b9754 100644
--- a/qutebrowser/browser/webkit/webpage.py
+++ b/qutebrowser/browser/webkit/webpage.py
@@ -346,8 +346,13 @@ class BrowserPage(QWebPage):
             self.setFeaturePermission, frame, feature,
             QWebPage.PermissionDeniedByUser)
 
+        url = frame.url().adjusted(QUrl.RemoveUserInfo |
+                                   QUrl.RemovePath |
+                                   QUrl.RemoveQuery |
+                                   QUrl.RemoveFragment)
+
         question = shared.feature_permission(
-            url=frame.url(),
+            url=url,
             option=options[feature], msg=messages[feature],
             yes_action=yes_action, no_action=no_action,
             abort_on=[self.shutting_down, self.loadStarted])
diff --git a/tests/end2end/features/prompts.feature b/tests/end2end/features/prompts.feature
index c3e72c61e..85698dc05 100644
--- a/tests/end2end/features/prompts.feature
+++ b/tests/end2end/features/prompts.feature
@@ -234,7 +234,7 @@ Feature: Prompts
         And I wait for a prompt
         And I run :prompt-accept --save no
         Then the javascript message "geolocation permission denied" should be logged
-        And the per-domain option content.geolocation should be set to false for http://localhost:(port)/
+        And the per-domain option content.geolocation should be set to false for http://localhost:(port)
 
     Scenario: geolocation with ask -> abort
         When I set content.geolocation to ask
@@ -281,7 +281,7 @@ Feature: Prompts
         And I wait for a prompt
         And I run :prompt-accept --save no
         Then the javascript message "notification permission denied" should be logged
-        And the per-domain option content.notifications should be set to false for http://localhost:(port)/
+        And the per-domain option content.notifications should be set to false for http://localhost:(port)
 
     @qtwebengine_notifications
     Scenario: notifications with ask -> true
@@ -302,7 +302,7 @@ Feature: Prompts
         And I wait for a prompt
         And I run :prompt-accept --save yes
         Then the javascript message "notification permission granted" should be logged
-        And the per-domain option content.notifications should be set to true for http://localhost:(port)/
+        And the per-domain option content.notifications should be set to true for http://localhost:(port)
 
     # This actually gives us a denied rather than an aborted
     @xfail_norun
author	Florian Bruhin <me@the-compiler.org>	2019-07-10 18:31:31 +0200
committer	Florian Bruhin <me@the-compiler.org>	2019-07-10 18:31:31 +0200
commit	392bb2fdec44b559ae1587cb5f236c0de92151f7 (patch)
tree	d98b649a3f7700267004f46d4f0ee19966a798bd
parent	7c3d45f3b371266943e18c8581718ec04d0b7cfb (diff)
download	qutebrowser-392bb2fdec44b559ae1587cb5f236c0de92151f7.tar.gz qutebrowser-392bb2fdec44b559ae1587cb5f236c0de92151f7.zip