diff options
author | Robert Hogan <robert@webkit.org> | 2010-04-27 20:22:19 (GMT) |
---|---|---|
committer | Peter Hartmann <peter.hartmann@nokia.com> | 2010-04-28 12:26:38 (GMT) |
commit | 483fdd017d9998c6d7f4a035ca615e15fbc97e6a (patch) | |
tree | 6bed653a8afc9424049743bcef11b2cdb8f02c5e /src/network/access | |
parent | 229251d0bc0024b78a8c0669a09836289c02a7cd (diff) | |
download | Qt-483fdd017d9998c6d7f4a035ca615e15fbc97e6a.zip Qt-483fdd017d9998c6d7f4a035ca615e15fbc97e6a.tar.gz Qt-483fdd017d9998c6d7f4a035ca615e15fbc97e6a.tar.bz2 |
Secure Cookies should only be sent over secure connections.
http://bugreports.qt.nokia.com/browse/QTBUG-9618
QtWebKit currently fails the following test:
LayoutTests/http/tests/xmlhttprequest/cookies.html
This is because QNetworkCookieJar::cookiesForUrl returns secure
cookies even when the connection is not secure.
A 'secure' cookie is set by response headers from a http server as follows:
'Set-Cookie: cookie-name=value; secure'
Correct QNetworkCookieJar::cookiesForUrl to ignore secure cookies when the
url in the request is not 'https:'.
Task-number: QTBUG-9618
Merge-request: 2372
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Diffstat (limited to 'src/network/access')
-rw-r--r-- | src/network/access/qnetworkcookiejar.cpp | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/network/access/qnetworkcookiejar.cpp b/src/network/access/qnetworkcookiejar.cpp index 8727095..0b3a918 100644 --- a/src/network/access/qnetworkcookiejar.cpp +++ b/src/network/access/qnetworkcookiejar.cpp @@ -269,6 +269,7 @@ QList<QNetworkCookie> QNetworkCookieJar::cookiesForUrl(const QUrl &url) const Q_D(const QNetworkCookieJar); QDateTime now = QDateTime::currentDateTime(); QList<QNetworkCookie> result; + bool isEncrypted = url.scheme().toLower() == QLatin1String("https"); // scan our cookies for something that matches QList<QNetworkCookie>::ConstIterator it = d->allCookies.constBegin(), @@ -280,6 +281,8 @@ QList<QNetworkCookie> QNetworkCookieJar::cookiesForUrl(const QUrl &url) const continue; if (!(*it).isSessionCookie() && (*it).expirationDate() < now) continue; + if ((*it).isSecure() && !isEncrypted) + continue; // insert this cookie into result, sorted by path QList<QNetworkCookie>::Iterator insertIt = result.begin(); |