qute:// pages fail with content.local_content_can_access_file_urls set to false

[The-Compiler]

On cc8e679 with QtWebEngine 5.15.2, doing:

qutebrowser --temp-basedir --debug -s content.pdfjs true -s content.local_content_can_access_file_urls false https://orimi.com/pdf-test.pdf      

results in:

16:07:11 WARNING  network    webenginequtescheme:_check_initiator:67 Blocking malicious request from null to qute://pdfjs/web/viewer.css
16:07:11 WARNING  network    webenginequtescheme:_check_initiator:67 Blocking malicious request from null to qute://pdfjs/build/pdf.js
16:07:11 WARNING  network    webenginequtescheme:_check_initiator:67 Blocking malicious request from null to qute://pdfjs/web/viewer.js
16:07:11 WARNING  network    webenginequtescheme:_check_initiator:67 Blocking malicious request from null to qute://pdfjs/build/pdf.js
16:07:11 WARNING  network    webenginequtescheme:_check_initiator:67 Blocking malicious request from null to qute://pdfjs/web/viewer.js
16:07:11 DEBUG    js         shared:javascript_log_message:156 [qute://pdfjs/web/viewer.html?filename=tmpckueiaat_pdf-test.pdf&file=&source=https://orimi.com/pdf-test.pdf:407] Uncaught TypeError: Cannot read property 'set' of undefined

similarly for qute://history:

16:08:43 WARNING  network    webenginequtescheme:_check_initiator:67 Blocking malicious request from null to qute://javascript/history.js
16:08:43 DEBUG    js         shared:javascript_log_message:156 [qute://history/:146] Uncaught TypeError: window.loadHistory is not a function

and perhaps others too. Workaround:

diff --git i/qutebrowser/config/websettings.py w/qutebrowser/config/websettings.py
index 7556d2b6d..1e828a1c8 100644
--- i/qutebrowser/config/websettings.py
+++ w/qutebrowser/config/websettings.py
@@ -249,9 +249,13 @@ def init(args: argparse.Namespace) -> None:
 
     # Make sure special URLs always get JS support
     for pattern in ['chrome://*/*', 'qute://*/*']:
-        config.instance.set_obj('content.javascript.enabled', True,
-                                pattern=urlmatch.UrlPattern(pattern),
-                                hide_userconfig=True)
+        for setting in [
+            'content.javascript.enabled',
+            'content.local_content_can_access_file_urls',
+        ]:
+            config.instance.set_obj(setting, True,
+                                    pattern=urlmatch.UrlPattern(pattern),
+                                    hide_userconfig=True)
 
 
 def clear_private_data() -> None:

but before applying that I'd first like to understand what's going on, and if we perhaps just need to tweak our QWebEngineUrlScheme registration somehow (or perhaps this is a QtWebEngine bug even?).

Original report: https://lists.schokokeks.org/pipermail/qutebrowser/2021-July/000862.html

To get an equivalent workaround, use :set -u qute://* content.local_content_can_access_file_urls true.