summaryrefslogtreecommitdiffstats
path: root/src/network
diff options
context:
space:
mode:
authorRobert Hogan <robert@webkit.org>2010-04-27 20:22:19 (GMT)
committerSamuli Piippo <samuli.piippo@digia.com>2011-06-09 10:05:48 (GMT)
commitdcdcc1e16187a05049b3f5bfcb667049d340f113 (patch)
tree5e5fdf1e286e660aadab6d4854b1248d3dda5264 /src/network
parentb775df59b34cdf53e5bc9a7e6108533f443fe8b4 (diff)
downloadQt-dcdcc1e16187a05049b3f5bfcb667049d340f113.zip
Qt-dcdcc1e16187a05049b3f5bfcb667049d340f113.tar.gz
Qt-dcdcc1e16187a05049b3f5bfcb667049d340f113.tar.bz2
Secure Cookies should only be sent over secure connections.
http://bugreports.qt.nokia.com/browse/QTBUG-9618 QtWebKit currently fails the following test: LayoutTests/http/tests/xmlhttprequest/cookies.html This is because QNetworkCookieJar::cookiesForUrl returns secure cookies even when the connection is not secure. A 'secure' cookie is set by response headers from a http server as follows: 'Set-Cookie: cookie-name=value; secure' Correct QNetworkCookieJar::cookiesForUrl to ignore secure cookies when the url in the request is not 'https:'. Task-number: QTBUG-9618 Merge-request: 2372 Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com> (cherry picked from commit 483fdd017d9998c6d7f4a035ca615e15fbc97e6a)
Diffstat (limited to 'src/network')
-rw-r--r--src/network/access/qnetworkcookiejar.cpp3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/network/access/qnetworkcookiejar.cpp b/src/network/access/qnetworkcookiejar.cpp
index 664557c..5d68c47 100644
--- a/src/network/access/qnetworkcookiejar.cpp
+++ b/src/network/access/qnetworkcookiejar.cpp
@@ -269,6 +269,7 @@ QList<QNetworkCookie> QNetworkCookieJar::cookiesForUrl(const QUrl &url) const
Q_D(const QNetworkCookieJar);
QDateTime now = QDateTime::currentDateTime();
QList<QNetworkCookie> result;
+ bool isEncrypted = url.scheme().toLower() == QLatin1String("https");
// scan our cookies for something that matches
QList<QNetworkCookie>::ConstIterator it = d->allCookies.constBegin(),
@@ -280,6 +281,8 @@ QList<QNetworkCookie> QNetworkCookieJar::cookiesForUrl(const QUrl &url) const
continue;
if (!(*it).isSessionCookie() && (*it).expirationDate() < now)
continue;
+ if ((*it).isSecure() && !isEncrypted)
+ continue;
// insert this cookie into result, sorted by path
QList<QNetworkCookie>::Iterator insertIt = result.begin();