mirror of
https://github.com/ankitects/anki.git
synced 2025-11-12 15:47:12 -05:00
24bca15fd3
We were previously inspecting the referrer, but that is spoofable, and doesn't guard against other processes on the machine. To accomplish this, we use a request interceptor to automatically add an auth token to webviews with the right context. Some related changes were required: - We avoid storing _page, which was leading to leaks & warning on exit - At webview creation (or set_kind() invocation), we assign either an authenticated or unauthenticated web profile. - Some of our screens initialize the AnkiWebView when calling, e.g., aqt.forms.stats.Ui_Dialog(). They then immediately call .set_kind(). This reveals a race condition in our DOM handling code: the webview initialization creates an empty page with the injected script, which causes a domDone signal to be sent back. This signal arrives after we've created another page with .set_kind(), causing our code to think the DOM is ready when it's not. Then when we try to inject the dynamic styling, we get an error, as the DOM is not ready yet. In the absence of better solutions, I've added a hack to set_kind() to deal with this for now. |
||
|---|---|---|
| .. | ||
| aqt | ||
| bundle | ||
| icons | ||
| mac | ||
| tests | ||
| tools | ||
| .isort.cfg | ||
| README.md | ||
| runanki.py | ||
Python's Qt GUI is in aqt/