Details
-
Bug
-
Resolution: Fixed
-
P2: Important
-
None
-
5.15.9, 6.3.1
Description
A http request issued from a local scheme like qrc is blocked because of CORS (cross-origin-resource-sharing) restriction. We expect the local scheme is not considered as cross-origin.
Attached is a repro Qt project based in example webui. It tests qrc, customized/registered scheme, and file scheme, was built and run with Qt5.15.9 and 6.3.1.
- the user defined scheme can NOT be qrc as it's an internal scheme
- even with user defined scheme (loc in the repro), the http request will be blocked.
- js: Access to XMLHttpRequest at 'https://www.google.com/' from origin 'loc:' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
- the file scheme is working in 5.15.9 but failing with 6.3.1 in this repro.
- likely the same issue as https://bugreports.qt.io/browse/QTBUG-76258. bur workaround didn't work anymore.
- per our investigate, this issue is also related to Chromium SameSiteByDefaultCookie flag
Attachments
Issue Links
- relates to
-
QTBUG-76258 When loading a XHR request from a qrc based file to www.google.com it will not succeed due to it failing on the CORS level
-
- Closed
-