[arch-commits] Commit in qutebrowser/trunk (initiator.patch)

Morten Linderud foxboron at archlinux.org
Wed Oct 3 14:48:58 UTC 2018


    Date: Wednesday, October 3, 2018 @ 14:48:57
  Author: foxboron
Revision: 389225

removed patch

Deleted:
  qutebrowser/trunk/initiator.patch

-----------------+
 initiator.patch |   75 ------------------------------------------------------
 1 file changed, 75 deletions(-)

Deleted: initiator.patch
===================================================================
--- initiator.patch	2018-10-03 14:40:59 UTC (rev 389224)
+++ initiator.patch	2018-10-03 14:48:57 UTC (rev 389225)
@@ -1,75 +0,0 @@
-diff --git a/qutebrowser/browser/webengine/webenginequtescheme.py b/qutebrowser/browser/webengine/webenginequtescheme.py
-index 3eb7c7df1..3ddbf48f4 100644
---- a/qutebrowser/browser/webengine/webenginequtescheme.py
-+++ b/qutebrowser/browser/webengine/webenginequtescheme.py
-@@ -19,7 +19,7 @@
- 
- """QtWebEngine specific qute://* handlers and glue code."""
- 
--from PyQt5.QtCore import QBuffer, QIODevice
-+from PyQt5.QtCore import QBuffer, QIODevice, QUrl
- from PyQt5.QtWebEngineCore import (QWebEngineUrlSchemeHandler,
-                                    QWebEngineUrlRequestJob)
- 
-@@ -39,6 +39,37 @@ class QuteSchemeHandler(QWebEngineUrlSchemeHandler):
-             profile.installUrlSchemeHandler(b'chrome-error', self)
-             profile.installUrlSchemeHandler(b'chrome-extension', self)
- 
-+    def _check_initiator(self, job):
-+        """Check whether the initiator of the job should be allowed.
-+
-+        Only the browser itself or qute:// pages should access any of those
-+        URLs. The request interceptor further locks down qute://settings/set.
-+
-+        Args:
-+            job: QWebEngineUrlRequestJob
-+
-+        Return:
-+            True if the initiator is allowed, False if it was blocked.
-+        """
-+        try:
-+            initiator = job.initiator()
-+        except AttributeError:
-+            # Added in Qt 5.11
-+            return True
-+
-+        if initiator == QUrl('null') and not qtutils.version_check('5.12'):
-+            # WORKAROUND for https://bugreports.qt.io/browse/QTBUG-70421
-+            return True
-+
-+        if initiator.isValid() and initiator.scheme() != 'qute':
-+            log.misc.warning("Blocking malicious request from {} to {}".format(
-+                initiator.toDisplayString(),
-+                job.requestUrl().toDisplayString()))
-+            job.fail(QWebEngineUrlRequestJob.RequestDenied)
-+            return False
-+
-+        return True
-+
-     def requestStarted(self, job):
-         """Handle a request for a qute: scheme.
- 
-@@ -55,21 +86,8 @@ class QuteSchemeHandler(QWebEngineUrlSchemeHandler):
-             job.fail(QWebEngineUrlRequestJob.UrlInvalid)
-             return
- 
--        # Only the browser itself or qute:// pages should access any of those
--        # URLs.
--        # The request interceptor further locks down qute://settings/set.
--        try:
--            initiator = job.initiator()
--        except AttributeError:
--            # Added in Qt 5.11
--            pass
--        else:
--            if initiator.isValid() and initiator.scheme() != 'qute':
--                log.misc.warning("Blocking malicious request from {} to {}"
--                                 .format(initiator.toDisplayString(),
--                                         url.toDisplayString()))
--                job.fail(QWebEngineUrlRequestJob.RequestDenied)
--                return
-+        if not self._check_initiator(job):
-+            return
- 
-         if job.requestMethod() != b'GET':
-             job.fail(QWebEngineUrlRequestJob.RequestDenied)


