Hi, we're developing a Qt5/QtQtuick2 application that can embed other HTML5 applications. These HTML5 apps are displayed in QML WebViews.
I'd like to restrict network access in some of the WebViews, while allowing network access in others. The only way to get network access on that device is via a SOCKS5 proxy running on localhost. So I see two possibility of restricting network access: 1) Make some WebViews use the proxy, and making other WebViews not use the proxy. 2) Make all WebViews use the proxy but somehow(?) disable network access in some of the WebViews by other means. Right now, the only way to set a proxy at all is via the env vars http_proxy and https_proxy. Since there is only one web process with one QNAM, setting these env vars means the proxy is set globally, for all WebViews, which would rule out 1). One idea I had to make 1) work is to add additional API to QQuickWebView to enabled the ProcessModelMultipleSecondaryProcesses, and then add more API to QQuickWebView to set a proxy via API rather than via env vars. That would enable to have one web process per WebView, and the proxy could be set per WebView, exactly what I needed, although with the unfortunate side effect of having many more processes, which on an embedded device is probably not good. The other thing is that I heard plans of moving the QNAM to a seperate network process, in which case having multiple web processes does not help anyway. What is the timeline for having the network process in Qt, btw? Or maybe there is a way to make 2) work? I tried playing around with settings like setAllowUniversalAccessFromFileURLs(false), but that only restricts script loading, not all network traffic. Seems like SecurityOrigin is made to prevent cross-site stuff, not to prevent network traffic at all. So that doesn't seem to work for me. Maybe there are some other means which you know about? I would appreciate any ideas how to restrict network traffic in some specific WebViews, but not all. Ideally I would prefer a solution where I can write an upstreamable patch. Well better even making this work without a patch :) Any ideas are welcome, I am that desperate that I even considered creating URL scheme delegates for HTTP and HTTPS... Regards, Thomas -- Thomas McGuire | [email protected] | Software Engineer KDAB (Deutschland) GmbH&Co KG, a KDAB Group company Tel. Germany +49-30-521325470, Sweden (HQ) +46-563-540090 KDAB - Qt Experts - Platform-independent software solutions
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ webkit-qt mailing list [email protected] https://lists.webkit.org/mailman/listinfo/webkit-qt
