Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-103778

[REG 5.15 -> 6.2] ERR_NETWORK_ACCESS_DENIED when clicking link from local page

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: P1: Critical P1: Critical
    • 6.2.5, 6.3.1, 6.4.0 Beta1
    • 6.2.4, 6.3.0
    • WebEngine
    • None
    • 2ba1f04b45 (qt/qtwebengine/dev) cdd438c3aa (qt/qtwebengine/6.2) 8d0bd4b1a1 (qt/qtwebengine/6.3) 8d0bd4b1a1 (qt/qtwebengine/6.3.1) 8d0bd4b1a1 (qt/tqtc-qtwebengine/6.3.1) 2ba1f04b45 (qt/qtwebengine/6.4) 2ba1f04b45 (qt/tqtc-qtwebengine/6.4)

      With e.g. this HTML page:

      <!doctype html>
      <html>
          <body>
              <a href="https://qt.io">Qt</a>
          </body>
      </html>
      

      saved to a test.html, clicking the link with QtWebEngine 6.2 causes the load to be blocked with ERR_NETWORK_ACCESS_DENIED. This can e.g. be reproduced in simplebrowser.

      Setting QWebEngineSettings::LocalContentCanAccessRemoteUrls to true (false by default) fixes things, but that seems unexpected: An user clicking links isn't the local content accessing a remote URL, it's just the user following a link (and probably something common, certainly working fine in e.g. Chromium). It also means that the page can now load any remote content, which seems problematic security-wise.

      Possibly related: Improve local scheme access rules (Ieb24da12) ยท Gerrit Code Review

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            allan.jensen Allan Sandfeld Jensen
            the compiler Florian Bruhin
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved:

                There are no open Gerrit changes