QWebSecurityOrigin Class
The QWebSecurityOrigin class defines a security boundary for web sites. More...
Header: | #include <QWebSecurityOrigin> |
qmake: | QT += webkitwidgets |
Since: | Qt 4.5 |
Public Types
enum | SubdomainSetting { AllowSubdomains, DisallowSubdomains } |
Public Functions
QWebSecurityOrigin(const QUrl & url) | |
QWebSecurityOrigin(const QWebSecurityOrigin & other) | |
~QWebSecurityOrigin() | |
void | addAccessWhitelistEntry(const QString & scheme, const QString & host, SubdomainSetting subdomainSetting) |
qint64 | databaseQuota() const |
qint64 | databaseUsage() const |
QList<QWebDatabase> | databases() const |
QString | host() const |
int | port() const |
void | removeAccessWhitelistEntry(const QString & scheme, const QString & host, SubdomainSetting subdomainSetting) |
QString | scheme() const |
void | setApplicationCacheQuota(qint64 quota) |
void | setDatabaseQuota(qint64 quota) |
QWebSecurityOrigin & | operator=(const QWebSecurityOrigin & other) |
Static Public Members
void | addLocalScheme(const QString & scheme) |
QList<QWebSecurityOrigin> | allOrigins() |
QStringList | localSchemes() |
void | removeLocalScheme(const QString & scheme) |
Detailed Description
The QWebSecurityOrigin class defines a security boundary for web sites.
QWebSecurityOrigin provides access to the security domains defined by web sites. An origin consists of a host name, a scheme, and a port number. Web sites with the same security origin can access each other's resources for client-side scripting or databases.
For example the site http://www.example.com/my/page.html
is allowed to share the same database as http://www.example.com/my/overview.html
, or access each other's documents when used in HTML frame sets and JavaScript. At the same time it prevents http://www.malicious.com/evil.html
from accessing http://www.example.com/
's resources, because they are of a different security origin.
By default local schemes like file://
and qrc://
are concidered to be in the same security origin, and can access each other's resources. You can add additional local schemes by using QWebSecurityOrigin::addLocalScheme(), or override the default same-origin behavior by setting QWebSettings::LocalContentCanAccessFileUrls to false
.
Note: Local resources are by default restricted from accessing remote content, which means your file://
will not be able to access http://domain.com/foo.html
. You can relax this restriction by setting QWebSettings::LocalContentCanAccessRemoteUrls to true
.
Call QWebFrame::securityOrigin() to get the QWebSecurityOrigin for a frame in a web page, and use host(), scheme() and port() to identify the security origin.
Use databases() to access the databases defined within a security origin. The disk usage of the origin's databases can be limited with setDatabaseQuota(). databaseQuota() and databaseUsage() report the current limit as well as the current usage.
For more information refer to the "Same origin policy" Wikipedia Article.
See also QWebFrame::securityOrigin().
Member Function Documentation
QWebSecurityOrigin::QWebSecurityOrigin(const QUrl & url)
Allows contruction of QWebSecurityOrigin() as per the specified url.
QWebSecurityOrigin::QWebSecurityOrigin(const QWebSecurityOrigin & other)
Constructs a security origin from other.
QWebSecurityOrigin::~QWebSecurityOrigin()
Destroys the security origin.
void QWebSecurityOrigin::addAccessWhitelistEntry(const QString & scheme, const QString & host, SubdomainSetting subdomainSetting)
Allows the origin to access the specified host using the specified scheme. Specifying AllowSubdomains in subdomainSetting will allow the source origin to access the host's subdomains as well, whereas passing DisallowSubdomains would prevent this.
Such cross origin requests are otherwise restricted as per the same-origin-policy.
[static]
void QWebSecurityOrigin::addLocalScheme(const QString & scheme)
Adds the given scheme to the list of schemes that are considered equivalent to the file
: scheme.
Cross domain restrictions depend on the two web settings QWebSettings::LocalContentCanAccessFileUrls and QWebSettings::LocalContentCanAccessRemoteUrls. By default all local schemes are considered to be in the same security origin, and local schemes can not access remote content.
This function was introduced in Qt 4.6.
[static]
QList<QWebSecurityOrigin> QWebSecurityOrigin::allOrigins()
Returns a list of all security origins with a database quota defined.
qint64 QWebSecurityOrigin::databaseQuota() const
Returns the quota for the databases in the security origin.
See also setDatabaseQuota().
qint64 QWebSecurityOrigin::databaseUsage() const
Returns the number of bytes all databases in the security origin use on the disk.
QList<QWebDatabase> QWebSecurityOrigin::databases() const
Returns a list of all databases defined in the security origin.
QString QWebSecurityOrigin::host() const
Returns the host name defining the security origin.
[static]
QStringList QWebSecurityOrigin::localSchemes()
Returns a list of all the schemes concidered to be local.
By default this is file://
and qrc://
.
This function was introduced in Qt 4.6.
See also addLocalScheme() and removeLocalScheme().
int QWebSecurityOrigin::port() const
Returns the port number defining the security origin.
void QWebSecurityOrigin::removeAccessWhitelistEntry(const QString & scheme, const QString & host, SubdomainSetting subdomainSetting)
Removes the origin's whitelisted access to the specified host using the specified scheme as per the specified subdomainSetting.
[static]
void QWebSecurityOrigin::removeLocalScheme(const QString & scheme)
Removes the given scheme from the list of local schemes.
Note: You can not remove the file://
scheme from the list of local schemes.
This function was introduced in Qt 4.6.
See also addLocalScheme().
QString QWebSecurityOrigin::scheme() const
Returns the scheme defining the security origin.
void QWebSecurityOrigin::setApplicationCacheQuota(qint64 quota)
void QWebSecurityOrigin::setDatabaseQuota(qint64 quota)
Sets the quota for the databases in the security origin to quota bytes.
If the quota is set to a value less than the current usage, the quota will remain and no data will be purged to meet the new quota. However, no new data can be added to databases in this origin.
See also databaseQuota().
QWebSecurityOrigin & QWebSecurityOrigin::operator=(const QWebSecurityOrigin & other)
Assigns the other security origin to this.