Important: Please read the Qt Code of Conduct -

Web security origin policy on Webkit2/ QtWebkit 3.0 On QML

  • I am using QtWebkit 3.0 [ WK2 ] on QtQuick 2.
    I could not find any API to turn the web-security-origin policy anywhere!

    Any hint on this to proceed ,is very much appreciable.

  • Yes, I have a problem with webkit securityOrigin also.

    In c++ widgets (eg. QWebView), securityOrigin allows to read from local file. In qml side (import QtWebKit 3.0, WebView) securityOrigin does not allow reading from local file.

    For reference:
    In Firefox I can read local files, in Chromium not, the error is: "Failed to load resource: Origin null is not allowed by Access-Control-Allow-Origin".

    By local file I mean a file that is in that same directory, where the startup html-file is read. By reading local file I mean using jQuery.ajax function to get the file, eg. in json format.

    In c++ there is an easy way (QWebSettings) to change the securityOrigin setting. In qml there does not seem to be any.

    In my project, I control the qt-platform, so I did a dirty thing; I changed webkit code. File qtwebkit/Source/WebCore/page/SecurityOrigin.cpp, there is a function bool SecurityOrigin::canRequest(const KURL& url) const. I changed the last line from "return false" to "return true". Now it works.

    But, it would be much better, if I could change this behaviour in controlled/webkit approved way.

  • Yes, apparently i had to do the same way.

    And reg Ref : Just like firefox, you can turn off WSO policy in Chrome as well. [ --disable-web-security argument]

Log in to reply