Set default redirect policy to NoLessSafeRedirectPolicy

Not following redirects is not a feature, but just a hastle for everyone.

The main issue with switching this default is that applications that
actually do manual redirect handling will break in various ways.

FollowRedirectsAttribute was removed as it no longer serves any
purpose beyond duplicating the default value.

[ChangeLog][Network] QNetworkAccessManager now follows redirects by
default with the NoLessSafeRedirectPolicy.
[ChangeLog][Potentially Source-Incompatible Changes]
QNetworkRequest::FollowRedirectsAttribute was removed and has been
superseded by QNetworkRequest::RedirectsPolicyAttribute

Fixes: QTBUG-85901
Change-Id: Ic5b776180a4b84ac4fc895158bb5a66a3c91a042
Reviewed-by: Qt CI Bot <[email protected]>
Reviewed-by: Timur Pocheptsov <[email protected]>

1 files changed, 8 insertions, 18 deletions

diff --git a/src/network/access/qnetworkrequest.cpp b/src/network/access/qnetworkrequest.cpp
index 46c4648cbe8..03a7f0b1760 100644
--- a/src/network/access/qnetworkrequest.cpp
+++ b/src/network/access/qnetworkrequest.cpp
@@ -168,13 +168,11 @@ QT_BEGIN_NAMESPACE
     \value RedirectionTargetAttribute
         Replies only, type: QMetaType::QUrl (no default)
         If present, it indicates that the server is redirecting the
-        request to a different URL. The Network Access API does not by
-        default follow redirections: the application can
-        determine if the requested redirection should be allowed,
-        according to its security policies, or it can set
-        QNetworkRequest::FollowRedirectsAttribute to true (in which case
-        the redirection will be followed and this attribute will not
-        be present in the reply).
+        request to a different URL. The Network Access API does follow
+        redirections by default, but if
+        QNetworkRequest::ManualRedirectPolicy is enabled and
+        the redirect was not handled in redirected() then this
+        attribute will be present.
         The returned URL might be relative. Use QUrl::resolved()
         to create an absolute URL out of it.
 
@@ -288,13 +286,6 @@ QT_BEGIN_NAMESPACE
         in 100 millisecond intervals.
         (This value was introduced in 5.5.)
 
-    \value FollowRedirectsAttribute
-        Requests only, type: QMetaType::Bool (default: false)
-        Indicates whether the Network Access API should automatically follow a
-        HTTP redirect response or not. Currently redirects that are insecure,
-        that is redirecting from "https" to "http" protocol, are not allowed.
-        (This value was introduced in 5.6.)
-
     \value OriginalContentLengthAttribute
         Replies only, type QMetaType::Int
         Holds the original content-length attribute before being invalidated and
@@ -304,8 +295,8 @@ QT_BEGIN_NAMESPACE
 
     \value RedirectPolicyAttribute
         Requests only, type: QMetaType::Int, should be one of the
-        QNetworkRequest::RedirectPolicy values (default: ManualRedirectPolicy).
-        This attribute obsoletes FollowRedirectsAttribute.
+        QNetworkRequest::RedirectPolicy values
+        (default: NoLessSafeRedirectPolicy).
         (This value was introduced in 5.9.)
 
     \value Http2DirectAttribute
@@ -386,8 +377,6 @@ QT_BEGIN_NAMESPACE
 
     \value NoLessSafeRedirectPolicy    Only "http"->"http", "http" -> "https"
                                        or "https" -> "https" redirects are allowed.
-                                       Equivalent to setting the old FollowRedirectsAttribute
-                                       to true
 
     \value SameOriginRedirectPolicy    Require the same protocol, host and port.
                                        Note, http://example.com and http://example.com:80
@@ -493,6 +482,7 @@ public:
 QNetworkRequest::QNetworkRequest()
     : d(new QNetworkRequestPrivate)
 {
+
 #if QT_CONFIG(http)
     // Initial values proposed by RFC 7540 are quite draconian,
     // so unless an application will set its own parameters, we