#include <mw/QtWebKit/qwebsecurityorigin.h>
| class QWebSecurityOrigin |
The QWebSecurityOrigin class defines a security boundary for web sites.
| Public Member Functions | |
|---|---|
| QWebSecurityOrigin(const QWebSecurityOrigin &) | |
| ~QWebSecurityOrigin() | |
| void | addLocalScheme(const QString &) |
| QList< QWebSecurityOrigin > | allOrigins() |
| qint64 | databaseQuota() |
| qint64 | databaseUsage() |
| QList< QWebDatabase > | databases() |
| QString | host() |
| QStringList | localSchemes() |
| QWebSecurityOrigin & | operator=(const QWebSecurityOrigin &) |
| int | port() |
| void | removeLocalScheme(const QString &) |
| QString | scheme() |
| void | setDatabaseQuota(qint64) |
For example the site {http://www.example.com/my/page.html} is allowed to share the same database as {http://www.example.com/my/overview.html}, or access each other's documents when used in HTML frame sets and JavaScript. At the same time it prevents {http://www.malicious.com/evil.html} from accessing {http://www.example.com/}'s resources, because they are of a different security origin.
By default local schemes like {file://} and {qrc://} are concidered to be in the same security origin, and can access each other's resources. You can add additional local schemes by using QWebSecurityOrigin::addLocalScheme(), or override the default same-origin behavior by setting QWebSettings::LocalContentCanAccessFileUrls to {false}.
Local resources are by default restricted from accessing remote content, which means your {file://} will not be able to access {http://domain.com/foo.html}. You can relax this restriction by setting QWebSettings::LocalContentCanAccessRemoteUrls to {true}.
Use databases() to access the databases defined within a security origin. The disk usage of the origin's databases can be limited with setDatabaseQuota(). databaseQuota() and databaseUsage() report the current limit as well as the current usage.
For more information refer to the {http://en.wikipedia.org/wiki/Same_origin_policy}{"Same origin policy" Wikipedia Article}.
See also: QWebFrame::securityOrigin()
| void | addLocalScheme | ( | const QString & | scheme | ) | [static] |
Cross domain restrictions depend on the two web settings QWebSettings::LocalContentCanAccessFileUrls and QWebSettings::LocalContentCanAccessFileUrls. By default all local schemes are concidered to be in the same security origin, and local schemes can not access remote content.
| QList< QWebSecurityOrigin > | allOrigins | ( | ) | [static] |
Returns a list of all security origins with a database quota defined.
| qint64 | databaseQuota | ( | ) | const |
Returns the quota for the databases in the security origin.
| qint64 | databaseUsage | ( | ) | const |
Returns the number of bytes all databases in the security origin use on the disk.
| QList< QWebDatabase > | databases | ( | ) | const |
Returns a list of all databases defined in the security origin.
| QStringList | localSchemes | ( | ) | [static] |
See also: addLocalScheme(), removeLocalScheme()
| QWebSecurityOrigin & | operator= | ( | const QWebSecurityOrigin & | other | ) |
Assigns the other security origin to this.
| void | removeLocalScheme | ( | const QString & | scheme | ) | [static] |
You can not remove the {file://} scheme from the list of local schemes.
See also: addLocalScheme()
| void | setDatabaseQuota | ( | qint64 | quota | ) |
Sets the quota for the databases in the security origin to quota bytes.
If the quota is set to a value less than the current usage, the quota will remain and no data will be purged to meet the new quota. However, no new data can be added to databases in this origin.