summaryrefslogtreecommitdiffstats
path: root/src/network/access
diff options
context:
space:
mode:
authorRobert Hogan <robert@webkit.org>2010-04-27 20:22:19 (GMT)
committerPeter Hartmann <peter.hartmann@nokia.com>2010-04-28 12:26:38 (GMT)
commit483fdd017d9998c6d7f4a035ca615e15fbc97e6a (patch)
tree6bed653a8afc9424049743bcef11b2cdb8f02c5e /src/network/access
parent229251d0bc0024b78a8c0669a09836289c02a7cd (diff)
downloadQt-483fdd017d9998c6d7f4a035ca615e15fbc97e6a.zip
Qt-483fdd017d9998c6d7f4a035ca615e15fbc97e6a.tar.gz
Qt-483fdd017d9998c6d7f4a035ca615e15fbc97e6a.tar.bz2
Secure Cookies should only be sent over secure connections.
http://bugreports.qt.nokia.com/browse/QTBUG-9618 QtWebKit currently fails the following test: LayoutTests/http/tests/xmlhttprequest/cookies.html This is because QNetworkCookieJar::cookiesForUrl returns secure cookies even when the connection is not secure. A 'secure' cookie is set by response headers from a http server as follows: 'Set-Cookie: cookie-name=value; secure' Correct QNetworkCookieJar::cookiesForUrl to ignore secure cookies when the url in the request is not 'https:'. Task-number: QTBUG-9618 Merge-request: 2372 Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Diffstat (limited to 'src/network/access')
-rw-r--r--src/network/access/qnetworkcookiejar.cpp3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/network/access/qnetworkcookiejar.cpp b/src/network/access/qnetworkcookiejar.cpp
index 8727095..0b3a918 100644
--- a/src/network/access/qnetworkcookiejar.cpp
+++ b/src/network/access/qnetworkcookiejar.cpp
@@ -269,6 +269,7 @@ QList<QNetworkCookie> QNetworkCookieJar::cookiesForUrl(const QUrl &url) const
Q_D(const QNetworkCookieJar);
QDateTime now = QDateTime::currentDateTime();
QList<QNetworkCookie> result;
+ bool isEncrypted = url.scheme().toLower() == QLatin1String("https");
// scan our cookies for something that matches
QList<QNetworkCookie>::ConstIterator it = d->allCookies.constBegin(),
@@ -280,6 +281,8 @@ QList<QNetworkCookie> QNetworkCookieJar::cookiesForUrl(const QUrl &url) const
continue;
if (!(*it).isSessionCookie() && (*it).expirationDate() < now)
continue;
+ if ((*it).isSecure() && !isEncrypted)
+ continue;
// insert this cookie into result, sorted by path
QList<QNetworkCookie>::Iterator insertIt = result.begin();