3 files changed, 13 insertions, 6 deletions

diff --git a/src/network/access/qhttpnetworkconnection.cpp b/src/network/access/qhttpnetworkconnection.cpp
index 1124337..8dd7a00 100644
--- a/src/network/access/qhttpnetworkconnection.cpp
+++ b/src/network/access/qhttpnetworkconnection.cpp
@@ -372,7 +372,7 @@ void QHttpNetworkConnectionPrivate::createAuthorization(QAbstractSocket *socket,
             QAuthenticatorPrivate *priv = QAuthenticatorPrivate::getPrivate(channels[i].authenticator);
             if (priv && priv->method != QAuthenticatorPrivate::None) {
                 QByteArray response = priv->calculateResponse(request.d->methodName(), request.d->uri(false));
-                request.setHeaderField("authorization", response);
+                request.setHeaderField("Authorization", response);
             }
         }
     }
@@ -381,7 +381,7 @@ void QHttpNetworkConnectionPrivate::createAuthorization(QAbstractSocket *socket,
             QAuthenticatorPrivate *priv = QAuthenticatorPrivate::getPrivate(channels[i].proxyAuthenticator);
             if (priv && priv->method != QAuthenticatorPrivate::None) {
                 QByteArray response = priv->calculateResponse(request.d->methodName(), request.d->uri(false));
-                request.setHeaderField("proxy-authorization", response);
+                request.setHeaderField("Proxy-Authorization", response);
             }
         }
     }
diff --git a/src/network/access/qnetworkcookie.cpp b/src/network/access/qnetworkcookie.cpp
index 73a8703..7dfb7af 100644
--- a/src/network/access/qnetworkcookie.cpp
+++ b/src/network/access/qnetworkcookie.cpp
@@ -984,14 +984,14 @@ QList<QNetworkCookie> QNetworkCookiePrivate::parseSetCookieHeaderLine(const QByt
                     cookie.setExpirationDate(dt);
                 } else if (field.first == "domain") {
                     QByteArray rawDomain = field.second;
+                    QString maybeLeadingDot;
                     if (rawDomain.startsWith('.')) {
+                        maybeLeadingDot = QLatin1Char('.');
                         rawDomain = rawDomain.mid(1);
                     }
+
                     QString normalizedDomain = QUrl::fromAce(QUrl::toAce(QString::fromUtf8(rawDomain)));
-                    // always add the dot, there are some servers that forget the
-                    // leading dot. This is actually forbidden according to RFC 2109,
-                    // but all browsers accept it anyway so we do that as well
-                    cookie.setDomain(QLatin1Char('.') + normalizedDomain);
+                    cookie.setDomain(maybeLeadingDot + normalizedDomain);
                 } else if (field.first == "max-age") {
                     bool ok = false;
                     int secs = field.second.toInt(&ok);
diff --git a/src/network/access/qnetworkcookiejar.cpp b/src/network/access/qnetworkcookiejar.cpp
index 8430966..19f7217 100644
--- a/src/network/access/qnetworkcookiejar.cpp
+++ b/src/network/access/qnetworkcookiejar.cpp
@@ -198,6 +198,13 @@ bool QNetworkCookieJar::setCookiesFromUrl(const QList<QNetworkCookie> &cookieLis
         if (cookie.domain().isEmpty()) {
             cookie.setDomain(defaultDomain);
         } else {
+            // Ensure the domain starts with a dot if its field was not empty
+            // in the HTTP header. There are some servers that forget the
+            // leading dot and this is actually forbidden according to RFC 2109,
+            // but all browsers accept it anyway so we do that as well.
+            if (!cookie.domain().startsWith(QLatin1Char('.')))
+                cookie.setDomain(QLatin1Char('.') + cookie.domain());
+
             QString domain = cookie.domain();
             if (!(isParentDomain(domain, defaultDomain)
                 || isParentDomain(defaultDomain, domain))) {