Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-67068

DNS prefetching can be enabled by web page even though DNS prefetching is disabled in QWebSettings



    • Bug
    • Resolution: Unresolved
    • P2: Important
    • None
    • 5.9.4
    • WebKit
    • None



      DNS prefetching can be disabled (and is disabled by default, actually) when using Qt WebKit [1]. However, when a web page explicitely enables DNS prefetching by using a header (X-DNS-Prefetch-Control: on) or a HTML meta http-equiv tag (<meta http-equiv="x-dns-prefetch-control" content="on">), DNS prefetching is enabled anyway, ignoring the settings in QWebSettings (this behavior is inherited from upstream). The following snippet of code shows what is happening (Source/WebCore/dom/Document.cpp):

        4729	void Document::initDNSPrefetch()
        4730	{
        4731	    Settings* settings = this->settings();
        4733	    m_haveExplicitlyDisabledDNSPrefetch = false;
        4734	    m_isDNSPrefetchEnabled = settings && settings->dnsPrefetchingEnabled() && securityOrigin()->protocol() == "http";
        4736	    // Inherit DNS prefetch opt-out from parent frame    
        4737	    if (Document* parent = parentDocument()) {
        4738	        if (!parent->isDNSPrefetchEnabled())
        4739	            m_isDNSPrefetchEnabled = false;
        4740	    }
        4741	}
        4743	void Document::parseDNSPrefetchControlHeader(const String& dnsPrefetchControl)
        4744	{
        4745	    if (equalIgnoringCase(dnsPrefetchControl, "on") && !m_haveExplicitlyDisabledDNSPrefetch) {
        4746	        m_isDNSPrefetchEnabled = true;
        4747	        return;
        4748	    }
        4750	    m_isDNSPrefetchEnabled = false;
        4751	    m_haveExplicitlyDisabledDNSPrefetch = true;
        4752	}

      On line 4734, when initializing DNS prefetching, the settings regarding DNS prefetching are taken into account. However, when a website enables DNS prefetching with a header or a HTML meta http-equiv tag, the settings are ignored and DNS prefetching is enabled anyway (line 4746).

      To me, that is somewhat unexpected since I instructed QWebSettings to disable DNS prefetching.

      Here is a patch that would solve the problem (the patch is written such that the diff with upstream stays small; I can take a different approach if desired):

      diff --git a/Source/WebCore/dom/Document.cpp b/Source/WebCore/dom/Document.cpp
      index af63b141f..3ff5a2f25 100644
      --- a/Source/WebCore/dom/Document.cpp
      +++ b/Source/WebCore/dom/Document.cpp
      @@ -4743,7 +4743,6 @@ void Document::initDNSPrefetch()
       void Document::parseDNSPrefetchControlHeader(const String& dnsPrefetchControl)
           if (equalIgnoringCase(dnsPrefetchControl, "on") && !m_haveExplicitlyDisabledDNSPrefetch) {
      -        m_isDNSPrefetchEnabled = true;

      Would you accept a patch like this? If so, against which git branch should I submit a gerrit review?

      I doubt upstream will take such a patch, as the code seems to be written like this intentionally and furthermore, the behavior is actually described in the documentation [2].

      Thanks to Jens Mueller for contacting Trojita about this issue [3].

      1: https://doc.qt.io/archives/qt-5.5/qwebsettings.html#WebAttribute-enum
      2: https://www.chromium.org/developers/design-documents/dns-prefetching#TOC-DNS-Prefetch-Control
      3: https://bugs.kde.org/show_bug.cgi?id=390452


        For Gerrit Dashboard: QTBUG-67068
        # Subject Branch Project Status CR V



            annulen Konstantin Tokarev
            cschutijser Caspar Schutijser
            1 Vote for this issue
            6 Start watching this issue



              Gerrit Reviews

                There are no open Gerrit changes