summaryrefslogtreecommitdiffstats
path: root/header.LGPL-ONLY
diff options
context:
space:
mode:
authorPeter Hartmann <peter.hartmann@nokia.com>2010-11-19 14:24:35 (GMT)
committerPeter Hartmann <peter.hartmann@nokia.com>2011-01-05 15:19:49 (GMT)
commit0c07af230d016aab6e416ae57594189ab9953101 (patch)
tree8c43ecdf2c622a8f5a9a6ee5bb96a36b9c90e3c5 /header.LGPL-ONLY
parent4836d809f5dc3fc9e978ef630c0e5c8847c171a7 (diff)
downloadQt-0c07af230d016aab6e416ae57594189ab9953101.zip
Qt-0c07af230d016aab6e416ae57594189ab9953101.tar.gz
Qt-0c07af230d016aab6e416ae57594189ab9953101.tar.bz2
cookie jar code: enhance security by keeping track of effective TLDs
The problem was the following: According to the cookie RFC, domains must have at least one dot in their name for setting a cookie (e.g. domain example.com can set a cookie for ".example.com" but not for ".com"). The problem is: Following this rule, one could still set "supercookies" for e.g. ".co.uk". The solution is to generate a table from http://publicsuffix.org which maintains a list of all "effective" TLDs like e.g. ".co.uk". Reviewed-by: Olivier Goffart Task-number: QTBUG-14706
Diffstat (limited to 'header.LGPL-ONLY')
0 files changed, 0 insertions, 0 deletions