Banning QNetworkAccessManager
Johan Ouwerkerk
jm.ouwerkerk at gmail.com
Mon Feb 3 10:50:12 GMT 2020
On Mon, Feb 3, 2020 at 11:27 AM laurent Montel <montel at kde.org> wrote:
>
> On Monday, 3 February 2020, 10:49:10 CET David Edmundson wrote:
> > I updated:
> >
> > https://community.kde.org/Policies/API_to_Avoid
> >
> > Which had no mention of this.
> >
> > David
>
> I think that you made an error
>
> "networkAccessManger->setAttribute(QNetworkRequest::FollowRedirectsAttribute,
> true); "
> Doesn't exist, it's an enum from QNetworkRequest::RedirectPolicy
> And FollowRedirectsAttribute is an old value
> It seems that we need to use QNetworkRequest::NoLessSafeRedirectPolicy
> directly, no?
>
Yes, the example code is definitely wrong: in the real world redirects
are an attack vector. A few cases to consider:
* Loops of redirects (could happen if the site is broken)
* Leaking sensitive information via e.g. the Referrer header
Regards,
- Johan
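
An added example, not part of the original message and not Qt code: a stand-alone C++ model of two checks a client needs when following redirects, a hop limit with loop detection and refusal of https-to-http downgrades (the rule a "no less safe" policy expresses). The names Verdict, schemeOf, noLessSafe and checkChain, and the sample URLs, are assumptions made for illustration.

```cpp
#include <cctype>
#include <cstddef>
#include <set>
#include <string>
#include <vector>

// Added example: a model of redirect checks, not Qt's implementation.
// All names below are hypothetical.
enum class Verdict { Ok, InsecureRedirect, RedirectLoop, TooManyRedirects };

// Scheme of a URL, lower-cased ("HTTPS://x" -> "https"); empty if malformed.
static std::string schemeOf(const std::string &url) {
    const auto pos = url.find("://");
    if (pos == std::string::npos) return {};
    std::string s = url.substr(0, pos);
    for (char &c : s) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return s;
}

// "No less safe": http->http, http->https and https->https are accepted;
// https->http (a downgrade) and any non-HTTP target scheme are refused.
static bool noLessSafe(const std::string &from, const std::string &to) {
    const std::string a = schemeOf(from), b = schemeOf(to);
    if (b != "http" && b != "https") return false;
    return !(a == "https" && b == "http");
}

// chain[0] is the requested URL; chain[i] is the Location of the i-th redirect.
Verdict checkChain(const std::vector<std::string> &chain, std::size_t maxRedirects) {
    std::set<std::string> seen;  // URLs already visited in this request
    for (std::size_t i = 0; i < chain.size(); ++i) {
        if (i > maxRedirects) return Verdict::TooManyRedirects;
        if (i > 0 && !noLessSafe(chain[i - 1], chain[i])) return Verdict::InsecureRedirect;
        if (!seen.insert(chain[i]).second) return Verdict::RedirectLoop;
    }
    return Verdict::Ok;
}

int main() {
    // Constructed chains: a two-page loop and an https -> http downgrade.
    const std::vector<std::string> loop = {"https://a.example/x", "https://a.example/y",
                                           "https://a.example/x"};
    const std::vector<std::string> downgrade = {"https://a.example/", "http://a.example/"};
    return checkChain(loop, 10) == Verdict::RedirectLoop &&
           checkChain(downgrade, 10) == Verdict::InsecureRedirect ? 0 : 1;
}
```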