On Mon, Feb 3, 2020 at 11:27 AM laurent Montel <mon...@kde.org> wrote: > > Le lundi 3 février 2020, 10:49:10 CET David Edmundson a écrit : > > I updated: > > > > https://community.kde.org/Policies/API_to_Avoid > > > > Which had no mention of this. > > > > David > > I think that you made an error > > "networkAccessManger->setAttribute(QNetworkRequest::FollowRedirectsAttribute, > true); " > Doesn't exist it's a enum from QnetworkRequest::RedirectPolicy > And FollowRedirectsAttribute is old value > It seems that we need to use QnetworkRequest::NoLessSafeRedirectPolicy > directly no ? >
Yes, the example code is definitely wrong: in the real world redirects are an attack vector. A few cases to consider: * Loops of redirects (could happen if the site is broken) * Leaking sensitive information via e.g. the Referrer header Regards, - Johan