Secure Cookies should only be sent over secure connections.

http://bugreports.qt.nokia.com/browse/QTBUG-9618

QtWebKit currently fails the following test:

LayoutTests/http/tests/xmlhttprequest/cookies.html

This is because QNetworkCookieJar::cookiesForUrl returns secure
cookies even when the connection is not secure.

A 'secure' cookie is set by response headers from a http  server as follows:

'Set-Cookie: cookie-name=value; secure'

Correct QNetworkCookieJar::cookiesForUrl to ignore secure cookies when the
url in the request is not 'https:'.

Task-number: QTBUG-9618
Merge-request: 2372
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
(cherry picked from commit 483fdd017d9998c6d7f4a035ca615e15fbc97e6a)

1 files changed, 12 insertions, 0 deletions

diff --git a/tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp b/tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp
index 9751fe9..889defe 100644
--- a/tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp
+++ b/tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp
@@ -304,6 +304,18 @@ void tst_QNetworkCookieJar::cookiesForUrl_data()
     QTest::newRow("path-match-2") << allCookies << "http://nokia.com/web/" << result;
     QTest::newRow("path-match-3") << allCookies << "http://nokia.com/web/content" << result;
 
+    // secure cookies
+    allCookies.clear();
+    result.clear();
+    QNetworkCookie secureCookie;
+    secureCookie.setName("a");
+    secureCookie.setPath("/web");
+    secureCookie.setDomain(".nokia.com");
+    secureCookie.setSecure(true);
+    allCookies += secureCookie;
+    QTest::newRow("no-match-secure-1") << allCookies << "http://nokia.com/web" << result;
+    QTest::newRow("no-match-secure-2") << allCookies << "http://qt.nokia.com/web" << result;
+
 }
 
 void tst_QNetworkCookieJar::cookiesForUrl()