diff options
author | Robert Hogan <robert@webkit.org> | 2010-04-27 20:22:19 (GMT) |
---|---|---|
committer | Samuli Piippo <samuli.piippo@digia.com> | 2011-06-09 10:05:48 (GMT) |
commit | dcdcc1e16187a05049b3f5bfcb667049d340f113 (patch) | |
tree | 5e5fdf1e286e660aadab6d4854b1248d3dda5264 /src/network | |
parent | b775df59b34cdf53e5bc9a7e6108533f443fe8b4 (diff) | |
download | Qt-dcdcc1e16187a05049b3f5bfcb667049d340f113.zip Qt-dcdcc1e16187a05049b3f5bfcb667049d340f113.tar.gz Qt-dcdcc1e16187a05049b3f5bfcb667049d340f113.tar.bz2 |
Secure Cookies should only be sent over secure connections.
http://bugreports.qt.nokia.com/browse/QTBUG-9618
QtWebKit currently fails the following test:
LayoutTests/http/tests/xmlhttprequest/cookies.html
This is because QNetworkCookieJar::cookiesForUrl returns secure
cookies even when the connection is not secure.
A 'secure' cookie is set by response headers from a http server as follows:
'Set-Cookie: cookie-name=value; secure'
Correct QNetworkCookieJar::cookiesForUrl to ignore secure cookies when the
url in the request is not 'https:'.
Task-number: QTBUG-9618
Merge-request: 2372
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
(cherry picked from commit 483fdd017d9998c6d7f4a035ca615e15fbc97e6a)
Diffstat (limited to 'src/network')
-rw-r--r-- | src/network/access/qnetworkcookiejar.cpp | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/network/access/qnetworkcookiejar.cpp b/src/network/access/qnetworkcookiejar.cpp index 664557c..5d68c47 100644 --- a/src/network/access/qnetworkcookiejar.cpp +++ b/src/network/access/qnetworkcookiejar.cpp @@ -269,6 +269,7 @@ QList<QNetworkCookie> QNetworkCookieJar::cookiesForUrl(const QUrl &url) const Q_D(const QNetworkCookieJar); QDateTime now = QDateTime::currentDateTime(); QList<QNetworkCookie> result; + bool isEncrypted = url.scheme().toLower() == QLatin1String("https"); // scan our cookies for something that matches QList<QNetworkCookie>::ConstIterator it = d->allCookies.constBegin(), @@ -280,6 +281,8 @@ QList<QNetworkCookie> QNetworkCookieJar::cookiesForUrl(const QUrl &url) const continue; if (!(*it).isSessionCookie() && (*it).expirationDate() < now) continue; + if ((*it).isSecure() && !isEncrypted) + continue; // insert this cookie into result, sorted by path QList<QNetworkCookie>::Iterator insertIt = result.begin(); |