eric: comparison WebBrowser/Network/NetworkUrlInterceptor.py

-:1d4d790414b2
+:9f7bbfd6545d
 by QtWebEngine.
 """
 from __future__ import unicode_literals
-from PyQt5.QtCore import QMutex, QMutexLocker
+from PyQt5.QtCore import QMutex, QMutexLocker, QUrl
-from PyQt5.QtWebEngineCore import QWebEngineUrlRequestInterceptor
+from PyQt5.QtWebEngineCore import QWebEngineUrlRequestInterceptor, \
+QWebEngineUrlRequestInfo
 from ..WebBrowserPage import WebBrowserPage
 import Preferences
 info.setHttpHeader(b"User-Agent", userAgent.encode())
 for interceptor in self.__interceptors:
 interceptor.interceptRequest(info)
+def installUrlInterceptor(self, interceptor):
+"""
+Public method to install an URL interceptor.
+@param interceptor URL interceptor to be installed
+@type UrlInterceptor
+"""
+locker = QMutexLocker(self.__mutex)     # __IGNORE_WARNING__
+if interceptor not in self.__interceptors:
+self.__interceptors.append(interceptor)
+def removeUrlInterceptor(self, interceptor):
+"""
+Public method to remove an URL interceptor.
+@param interceptor URL interceptor to be removed
+@type UrlInterceptor
+"""
+locker = QMutexLocker(self.__mutex)     # __IGNORE_WARNING__
+if interceptor in self.__interceptors:
+self.__interceptors.remove(interceptor)
+def __loadSettings(self):
+"""
+Private method to load the Network Manager settings.
+"""
+locker = QMutexLocker(self.__mutex)     # __IGNORE_WARNING__
+self.__doNotTrack = Preferences.getWebBrowser("DoNotTrack")
+self.__sendReferer = Preferences.getWebBrowser("RefererSendReferer")
+self.__refererDefaultPolicy = \
+Preferences.getWebBrowser("RefererDefaultPolicy")
+self.__refererTrimmingPolicy = \
+Preferences.getWebBrowser("RefererTrimmingPolicy")
+def preferencesChanged(self):
+"""
+Public slot to handle a change of preferences.
+"""
+self.__loadSettings()
 def __setRefererHeader(self, info):
 """
 Private method to set the 'Referer' header depending on the configured
 rule set.
 @param info URL request information
 @type QWebEngineUrlRequestInfo
-"""
+@see <a href="https://wiki.mozilla.org/Security/Referrer">
-# TODO: extend referrer handling like that:
+Mozilla Referrer</a>
+@see <a href="https://www.w3.org/TR/referrer-policy/">
+W3C Referrer Policy</a>
+"""
 # 1. SendReferer:
 #       0 = never
 #       1 = only on click (NavigationTypeLink)
 #       2 = always (default)
 # 2. RefererTrimmingPolicy:
 #       0 = send full URL (no trimming) (default)
 #       1 = send the URL without its query string
 #       2 = only send the origin (ensure trailing /)
 # 3. RefererDefaultPolicy:
 #   set the default referrer policy (which can be overriden by
 #       1 = same-origin
 #       2 = strict-origin-when-cross-origin
 #       3 = no-referrer-when-downgrade (default)
 # see: https://wiki.mozilla.org/Security/Referrer
 # see: https://www.w3.org/TR/referrer-policy/
-if not self.__sendReferer:
+if self.__sendReferer == 0:
+# never send referer header
 info.setHttpHeader(b"Referer", b"")
+elif (self.__sendReferer == 1 and
-def installUrlInterceptor(self, interceptor):
+info.navigationType() !=
-"""
+QWebEngineUrlRequestInfo.NavigationTypeLink):
-Public method to install an URL interceptor.
+# send referer header only on click
+info.setHttpHeader(b"Referer", b"")
-@param interceptor URL interceptor to be installed
+else:
-@type UrlInterceptor
+# send referer header always applying further policies
-"""
+url = info.firstPartyUrl()
-locker = QMutexLocker(self.__mutex)     # __IGNORE_WARNING__
+reqUrl = info.requestUrl()
+if self.__refererDefaultPolicy == 0:
-if interceptor not in self.__interceptors:
+# no-referrer
-self.__interceptors.append(interceptor)
+refererUrl = b""
+elif self.__refererDefaultPolicy == 1:
-def removeUrlInterceptor(self, interceptor):
+# same-origin
-"""
+if self.__sameOrigin(url, reqUrl):
-Public method to remove an URL interceptor.
+refererUrl = self.__trimmedReferer(url)
+else:
-@param interceptor URL interceptor to be removed
+refererUrl = b""
-@type UrlInterceptor
+elif self.__refererDefaultPolicy == 2:
-"""
+# strict-origin-when-cross-origin
-locker = QMutexLocker(self.__mutex)     # __IGNORE_WARNING__
+if self.__sameOrigin(url, reqUrl):
+refererUrl = self.__trimmedReferer(url)
-if interceptor in self.__interceptors:
+elif url.scheme() in ("https", "wss"):
-self.__interceptors.remove(interceptor)
+if self.__potentiallyTrustworthy(url):
+refererUrl = self.__refererOrigin(url)
-def __loadSettings(self):
+else:
-"""
+refererUrl = b""
-Private method to load the Network Manager settings.
+else:
-"""
+refererUrl = self.__refererOrigin(url)
-locker = QMutexLocker(self.__mutex)     # __IGNORE_WARNING__
+else:
+# no-referrer-when-downgrade
-self.__doNotTrack = Preferences.getWebBrowser("DoNotTrack")
+if url.scheme() in ("https", "wss") and \
-self.__sendReferer = Preferences.getWebBrowser("SendReferer")
+not self.__potentiallyTrustworthy(url):
+refererUrl = b""
-def preferencesChanged(self):
+else:
-"""
+refererUrl = self.__trimmedReferer(url)
-Public slot to handle a change of preferences.
-"""
+info.setHttpHeader(b"Referer", refererUrl)
-self.__loadSettings()
+def __sameOrigin(self, url1, url2):
+"""
+Private method to test the "same origin" policy.
+@param url1 first URL for the test
+@type QUrl
+@param url2 second URL for the test
+@type QUrl
+@return flag indicating that both URLs have the same origin
+@rtype bool
+"""
+origin1 = url1.url(QUrl.RemoveUserInfo | QUrl.RemovePath)
+origin2 = url2.url(QUrl.RemoveUserInfo | QUrl.RemovePath)
+return origin1 == origin2
+def __potentiallyTrustworthy(self, url):
+"""
+Private method to check, if the given URL is potentially trustworthy.
+@param url URL to be checked
+@type QUrl
+@return flag indicating a potentially trustworthy URL
+@rtype bool
+"""
+if url.scheme() == "data":
+return False
+if url.toString() in ("about:blank", "about:srcdoc"):
+return True
+origin = url.adjusted(QUrl.RemoveUserInfo | QUrl.RemovePath)
+if origin.isEmpty() or origin.scheme() == "":
+return False
+if origin.scheme() in ("https", "wss"):
+return True
+if origin.host().startswith("127.") or origin.host().endswith(":1"):
+return True
+if origin.host() == "localhost" or \
+origin.host().endswith(".localhost"):
+return True
+if origin.scheme() == "file":
+return True
+if origin.scheme() in ("qrc", "qthelp", "eric"):
+return True
+return False
+def __trimmedReferer(self, url):
+"""
+Private method to generate the trimmed referer header URL.
+@param url URL to be trimmed as a referer header
+@type QUrl
+@return trimmed referer header URL
+@rtype QByteArray or bytes
+"""
+if self.__refererTrimmingPolicy == 0:
+# send full URL (no trimming) (default)
+refererUrl = url.toEncoded(
+QUrl.RemoveUserInfo | QUrl.RemoveFragment)
+elif self.__refererTrimmingPolicy == 1:
+# send the URL without its query string
+refererUrl = url.toEncoded(
+QUrl.RemoveUserInfo | QUrl.RemoveFragment |
+QUrl.RemoveQuery)
+else:
+# only send the origin (ensure trailing /)
+refererUrl = self.__refererOrigin(url)
+return refererUrl
+def __refererOrigin(self, url):
+"""
+Private method to generate an origin referer header URL.
+@param url URL to generate the header from
+@type QUrl
+@return origin referer header URL
+@rtype QByteArray or bytes
+"""
+referer = url.toEncoded(QUrl.RemoveUserInfo | QUrl.RemovePath)
+if not referer.endsWith(b"/"):
+referer += b"/"
+return referer

Mercurial Repositories > eric / file comparison

comparison: WebBrowser/Network/NetworkUrlInterceptor.py

WebBrowser/Network/NetworkUrlInterceptor.py