[webkit-qt] Preventing net access for specific WebView
thomas.mcguire at kdab.com
Thu Mar 14 07:10:10 PDT 2013
we're developing a Qt5/QtQtuick2 application that can embed other HTML5
applications. These HTML5 apps are displayed in QML WebViews.
I'd like to restrict network access in some of the WebViews, while allowing
network access in others. The only way to get network access on that device is
via a SOCKS5 proxy running on localhost. So I see two possibility of
restricting network access:
1) Make some WebViews use the proxy, and making other WebViews not use the
2) Make all WebViews use the proxy but somehow(?) disable network access in
some of the WebViews by other means.
Right now, the only way to set a proxy at all is via the env vars http_proxy
and https_proxy. Since there is only one web process with one QNAM, setting
these env vars means the proxy is set globally, for all WebViews, which would
rule out 1).
One idea I had to make 1) work is to add additional API to QQuickWebView to
enabled the ProcessModelMultipleSecondaryProcesses, and then add more API to
QQuickWebView to set a proxy via API rather than via env vars. That would
enable to have one web process per WebView, and the proxy could be set per
WebView, exactly what I needed, although with the unfortunate side effect of
having many more processes, which on an embedded device is probably not good.
The other thing is that I heard plans of moving the QNAM to a seperate network
process, in which case having multiple web processes does not help anyway.
What is the timeline for having the network process in Qt, btw?
Or maybe there is a way to make 2) work? I tried playing around with settings
like setAllowUniversalAccessFromFileURLs(false), but that only restricts
script loading, not all network traffic. Seems like SecurityOrigin is made to
prevent cross-site stuff, not to prevent network traffic at all. So that
doesn't seem to work for me. Maybe there are some other means which you know
I would appreciate any ideas how to restrict network traffic in some specific
WebViews, but not all. Ideally I would prefer a solution where I can write an
upstreamable patch. Well better even making this work without a patch :)
Any ideas are welcome, I am that desperate that I even considered creating URL
scheme delegates for HTTP and HTTPS...
Thomas McGuire | thomas.mcguire at kdab.com | Software Engineer
KDAB (Deutschland) GmbH&Co KG, a KDAB Group company
Tel. Germany +49-30-521325470, Sweden (HQ) +46-563-540090
KDAB - Qt Experts - Platform-independent software solutions
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3637 bytes
Desc: not available
More information about the webkit-qt