diff options
author | Florian Bruhin <me@the-compiler.org> | 2019-07-10 18:31:31 +0200 |
---|---|---|
committer | Florian Bruhin <me@the-compiler.org> | 2019-07-10 18:31:31 +0200 |
commit | 392bb2fdec44b559ae1587cb5f236c0de92151f7 (patch) | |
tree | d98b649a3f7700267004f46d4f0ee19966a798bd | |
parent | 7c3d45f3b371266943e18c8581718ec04d0b7cfb (diff) | |
download | qutebrowser-392bb2fdec44b559ae1587cb5f236c0de92151f7.tar.gz qutebrowser-392bb2fdec44b559ae1587cb5f236c0de92151f7.zip |
Normalize URLs for permission requests
Permission requests are for an entire origin (scheme/host/port), not a specific
part. Make that clear by removing any uneeded information and also removing the
trailing /.
-rw-r--r-- | qutebrowser/browser/webengine/webenginetab.py | 6 | ||||
-rw-r--r-- | qutebrowser/browser/webkit/webpage.py | 7 | ||||
-rw-r--r-- | tests/end2end/features/prompts.feature | 6 |
3 files changed, 12 insertions, 7 deletions
diff --git a/qutebrowser/browser/webengine/webenginetab.py b/qutebrowser/browser/webengine/webenginetab.py index 6046b0a02..ac23a5804 100644 --- a/qutebrowser/browser/webengine/webenginetab.py +++ b/qutebrowser/browser/webengine/webenginetab.py @@ -827,7 +827,7 @@ class _WebEnginePermissions(QObject): QWebEnginePage.PermissionDeniedByUser) question = shared.feature_permission( - url=url, + url=url.adjusted(QUrl.RemovePath), option=self._options[feature], msg=self._messages[feature], yes_action=yes_action, no_action=no_action, abort_on=[self._tab.abort_questions]) @@ -854,7 +854,7 @@ class _WebEnginePermissions(QObject): def _on_quota_requested(self, request): size = utils.format_size(request.requestedSize()) shared.feature_permission( - url=request.origin(), + url=request.origin().adjusted(QUrl.RemovePath), option='content.persistent_storage', msg='use {} of persistent storage'.format(size), yes_action=request.accept, no_action=request.reject, @@ -863,7 +863,7 @@ class _WebEnginePermissions(QObject): def _on_register_protocol_handler_requested(self, request): shared.feature_permission( - url=request.origin(), + url=request.origin().adjusted(QUrl.RemovePath), option='content.register_protocol_handler', msg='open all {} links'.format(request.scheme()), yes_action=request.accept, no_action=request.reject, diff --git a/qutebrowser/browser/webkit/webpage.py b/qutebrowser/browser/webkit/webpage.py index 1b4b85c65..f591b9754 100644 --- a/qutebrowser/browser/webkit/webpage.py +++ b/qutebrowser/browser/webkit/webpage.py @@ -346,8 +346,13 @@ class BrowserPage(QWebPage): self.setFeaturePermission, frame, feature, QWebPage.PermissionDeniedByUser) + url = frame.url().adjusted(QUrl.RemoveUserInfo | + QUrl.RemovePath | + QUrl.RemoveQuery | + QUrl.RemoveFragment) + question = shared.feature_permission( - url=frame.url(), + url=url, option=options[feature], msg=messages[feature], yes_action=yes_action, no_action=no_action, abort_on=[self.shutting_down, self.loadStarted]) diff --git a/tests/end2end/features/prompts.feature b/tests/end2end/features/prompts.feature index c3e72c61e..85698dc05 100644 --- a/tests/end2end/features/prompts.feature +++ b/tests/end2end/features/prompts.feature @@ -234,7 +234,7 @@ Feature: Prompts And I wait for a prompt And I run :prompt-accept --save no Then the javascript message "geolocation permission denied" should be logged - And the per-domain option content.geolocation should be set to false for http://localhost:(port)/ + And the per-domain option content.geolocation should be set to false for http://localhost:(port) Scenario: geolocation with ask -> abort When I set content.geolocation to ask @@ -281,7 +281,7 @@ Feature: Prompts And I wait for a prompt And I run :prompt-accept --save no Then the javascript message "notification permission denied" should be logged - And the per-domain option content.notifications should be set to false for http://localhost:(port)/ + And the per-domain option content.notifications should be set to false for http://localhost:(port) @qtwebengine_notifications Scenario: notifications with ask -> true @@ -302,7 +302,7 @@ Feature: Prompts And I wait for a prompt And I run :prompt-accept --save yes Then the javascript message "notification permission granted" should be logged - And the per-domain option content.notifications should be set to true for http://localhost:(port)/ + And the per-domain option content.notifications should be set to true for http://localhost:(port) # This actually gives us a denied rather than an aborted @xfail_norun |