CopperSpice API  1.7.4
QWebSecurityOrigin Class Reference

The QWebSecurityOrigin class defines a security boundary for web sites. More...

## Public Methods

QWebSecurityOrigin (const QWebSecurityOrigin &other)

~QWebSecurityOrigin ()

qint64 databaseQuota () const

QList< QWebDatabasedatabases () const

qint64 databaseUsage () const

QString host () const

QWebSecurityOrigin & operator= (const QWebSecurityOrigin &other)

int port () const

QString scheme () const

void setApplicationCacheQuota (qint64 quota)

void setDatabaseQuota (qint64 quota)

## Static Public Methods

static void addLocalScheme (const QString &scheme)

static QList< QWebSecurityOrigin > allOrigins ()

static QStringList localSchemes ()

static void removeLocalScheme (const QString &scheme)

## Friends

class QWebDatabase

class QWebFrame

## Detailed Description

The QWebSecurityOrigin class defines a security boundary for web sites.

QWebSecurityOrigin provides access to the security domains defined by web sites. An origin consists of a host name, a scheme, and a port number. Web sites with the same security origin can access each other's resources for client-side scripting or databases.

For example the site http://www.example.com/my/page.html is allowed to share the same database as http://www.example.com/my/overview.html, or access each other's documents when used in HTML frame sets and JavaScript. At the same time it prevents http://www.malicious.com/evil.html from accessing http://www.example.com/'s resources, because they are of a different security origin.

By default local schemes like file:// and qrc:// are considered to be in the same security origin, and can access each other's resources. You can add additional local schemes by using QWebSecurityOrigin::addLocalScheme(), or override the default same-origin behavior by setting QWebSettings::LocalContentCanAccessFileUrls to false.

Note
Local resources are by default restricted from accessing remote content, which means your file:// will not be able to access http://domain.com/foo.html. You can relax this restriction by setting QWebSettings::LocalContentCanAccessRemoteUrls to true.

Call QWebFrame::securityOrigin() to get the QWebSecurityOrigin for a frame in a web page, and use host(), scheme() and port() to identify the security origin.

Use databases() to access the databases defined within a security origin. The disk usage of the origin's databases can be limited with setDatabaseQuota(). databaseQuota() and databaseUsage() report the current limit as well as the current usage.

QWebFrame::securityOrigin()

## Constructor & Destructor Documentation

 QWebSecurityOrigin::~QWebSecurityOrigin ( )

Destroys the security origin.

 QWebSecurityOrigin::QWebSecurityOrigin ( const QWebSecurityOrigin & other )

Constructs a security origin from other.

## Method Documentation

 void QWebSecurityOrigin::addLocalScheme ( const QString & scheme )
static

Adds the given scheme to the list of schemes that are considered equivalent to the file: scheme.

Cross domain restrictions depend on the two web settings QWebSettings::LocalContentCanAccessFileUrls and QWebSettings::LocalContentCanAccessFileUrls. By default all local schemes are considered to be in the same security origin, and local schemes can not access remote content.

 QList< QWebSecurityOrigin > QWebSecurityOrigin::allOrigins ( )
static

Returns a list of all security origins with a database quota defined.

 qint64 QWebSecurityOrigin::databaseQuota ( ) const

Returns the quota for the databases in the security origin.

setDatabaseQuota()
 QList< QWebDatabase > QWebSecurityOrigin::databases ( ) const

Returns a list of all databases defined in the security origin.

 qint64 QWebSecurityOrigin::databaseUsage ( ) const

Returns the number of bytes all databases in the security origin use on the disk.

 QString QWebSecurityOrigin::host ( ) const

Returns the host name defining the security origin. s

 QStringList QWebSecurityOrigin::localSchemes ( )
static

Returns a list of all the schemes considered to be local. By default this is file:// and qrc://.

 QWebSecurityOrigin & QWebSecurityOrigin::operator= ( const QWebSecurityOrigin & other )

Copy assigns from other and returns a reference to this object.

 int QWebSecurityOrigin::port ( ) const

Returns the port number defining the security origin.

 void QWebSecurityOrigin::removeLocalScheme ( const QString & scheme )
static

Removes the given scheme from the list of local schemes.

Note
You can not remove the file:// scheme from the list of local schemes.