Banning QNetworkAccessManager

Volker Krause vkrause at kde.org
Mon Feb 3 12:29:47 GMT 2020


On Monday, 3 February 2020 10:49:10 CET David Edmundson wrote:
> I updated:
> 
> https://community.kde.org/Policies/API_to_Avoid
> 
> Which had no mention of this.

Thanks for taking care of this! 

I'd propose a slightly different approach than the per-request all-or-nothing 
attribute mentioned in the wiki though, using the redirection policy on QNAM, 
which prevents redirects to non-TLS connections:

nam->setRedirectPolicy(QNetworkRequest::NoLessSafeRedirectPolicy);

And while we are at it, let's also enable HSTS:

nam->setStrictTransportSecurityEnabled(true); 
nam->enableStrictTransportSecurityStore(true); 


Regards,
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20200203/d871d82b/attachment.sig>


More information about the Kde-frameworks-devel mailing list