Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-103778

[REG 5.15 -> 6.2] ERR_NETWORK_ACCESS_DENIED when clicking link from local page

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P1: Critical
    • Resolution: Done
    • Affects Version/s: 6.2.4, 6.3.0
    • Fix Version/s: 6.2.5, 6.3.1, 6.4.0 Beta1
    • Component/s: WebEngine
    • Labels:
      None
    • Commits:
      2ba1f04b45 (qt/qtwebengine/dev) cdd438c3aa (qt/qtwebengine/6.2) 8d0bd4b1a1 (qt/qtwebengine/6.3) 8d0bd4b1a1 (qt/qtwebengine/6.3.1) 8d0bd4b1a1 (qt/tqtc-qtwebengine/6.3.1) 2ba1f04b45 (qt/qtwebengine/6.4) 2ba1f04b45 (qt/tqtc-qtwebengine/6.4)

      Description

      With e.g. this HTML page:

      <!doctype html>
      <html>
          <body>
              <a href="https://qt.io">Qt</a>
          </body>
      </html>
      

      saved to a test.html, clicking the link with QtWebEngine 6.2 causes the load to be blocked with ERR_NETWORK_ACCESS_DENIED. This can e.g. be reproduced in simplebrowser.

      Setting QWebEngineSettings::LocalContentCanAccessRemoteUrls to true (false by default) fixes things, but that seems unexpected: An user clicking links isn't the local content accessing a remote URL, it's just the user following a link (and probably something common, certainly working fine in e.g. Chromium). It also means that the page can now load any remote content, which seems problematic security-wise.

      Possibly related: Improve local scheme access rules (Ieb24da12) ยท Gerrit Code Review

        Attachments

          Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            Activity

              People

              Assignee:
              allan.jensen Allan Sandfeld Jensen
              Reporter:
              the compiler Florian Bruhin
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Gerrit Reviews

                  There are no open Gerrit changes