QNAM HTTP: Introduce attributes for controlling cookies and auth

Introduced QNetworkRequest::CookieLoadControlAttribute,
QNetworkRequest::CookieSaveControlAttribute and
QNetworkRequest::AuthenticationReuseControlAttribute

These are true by default. They only come into play when QtWebKit
processes a cross-origin XMLHttpRequest. In such cases QtWebKit sets
each of the attributes to false when it creates a QNetworkRequest
where the XMLHttpRequest is cross-origin and has withCredentials
set to false:

var req = new XMLHttpRequest;
req.open("GET", "http://host/resource.php", false);
req.withCredentials = false; // actually false by default

For more information:
   http://www.w3.org/TR/XMLHttpRequest2/#credentials-flag

The QtWebKit counterpart of this patch is tracked at:
   https://bugs.webkit.org/show_bug.cgi?id=32967

Merge-Request: 592
Reviewed-by: Markus Goetz

1 files changed, 45 insertions, 0 deletions

diff --git a/src/network/access/qnetworkrequest.cpp b/src/network/access/qnetworkrequest.cpp
index 61c116d..79f169f 100644
--- a/src/network/access/qnetworkrequest.cpp
+++ b/src/network/access/qnetworkrequest.cpp
@@ -190,6 +190,40 @@ QT_BEGIN_NAMESPACE
         of other verbs than GET, POST, PUT and DELETE). This verb is set
         when calling QNetworkAccessManager::sendCustomRequest().
 
+    \value CookieLoadControlAttribute
+        Requests only, type: QVariant::Int (default: QNetworkRequest::Automatic)
+        Indicates whether to send 'Cookie' headers in the request.
+
+        This attribute is set to false by QtWebKit when creating a cross-origin
+        XMLHttpRequest where withCredentials has not been set explicitly to true by the
+        Javascript that created the request.
+
+        See http://www.w3.org/TR/XMLHttpRequest2/#credentials-flag for more information.
+
+     \value CookieSaveControlAttribute
+        Requests only, type: QVariant::Int (default: QNetworkRequest::Automatic)
+        Indicates whether to save 'Cookie' headers received from the server in reply
+        to the request.
+
+        This attribute is set to false by QtWebKit when creating a cross-origin
+        XMLHttpRequest where withCredentials has not been set explicitly to true by the
+        Javascript that created the request.
+
+        See http://www.w3.org/TR/XMLHttpRequest2/#credentials-flag for more information.
+
+     \value AuthenticationReuseControlAttribute
+        Requests only, type: QVariant::Int (default: QNetworkRequest::Automatic)
+        Indicates whether to use cached authorization credentials in the request,
+        if available. If this is set to QNetworkRequest::Manual and the authentication
+        mechanism is 'Basic' or 'Digest', Qt will not send an an 'Authorization' HTTP
+        header with any cached credentials it may have for the request's URL.
+
+        This attribute is set to QNetworkRequest::Manual by QtWebKit when creating a cross-origin
+        XMLHttpRequest where withCredentials has not been set explicitly to true by the
+        Javascript that created the request.
+
+        See http://www.w3.org/TR/XMLHttpRequest2/#credentials-flag for more information.
+
     \value User
         Special type. Additional information can be passed in
         QVariants with types ranging from User to UserMax. The default
@@ -222,6 +256,17 @@ QT_BEGIN_NAMESPACE
     if the item was not cached (i.e., off-line mode)
 */
 
+/*!
+    \enum QNetworkRequest::LoadControl
+
+    Indicates if an aspect of the request's loading mechanism has been
+    manually overridden, e.g. by QtWebKit.
+
+    \value Automatic            default value: indicates default behaviour.
+
+    \value Manual               indicates behaviour has been manually overridden.
+*/
+
 class QNetworkRequestPrivate: public QSharedData, public QNetworkHeadersPrivate
 {
 public: