From 0d20ec8604b318ceafd6c35dfe1d73519bf024d3 Mon Sep 17 00:00:00 2001 From: Peter Hartmann Date: Tue, 24 Nov 2009 10:16:13 +0100 Subject: QNetworkCookieJar: don't do path checking when receiving cookies Actually, the RFC 2109 says cookies should not be stored if the path attribute is not a prefix of the request URI the cookie comes from. However, all browsers allow it anyway; with the demo browser e.g. logging in to wordpress.com was not possible. We still do path checking when sending cookies, i.e. in QNetworkCookieJar::cookiesForUrl(). Reviewed-by: Markus Goetz Task-number: QTBUG-5815 --- src/network/access/qnetworkcookiejar.cpp | 7 ++++--- .../qnetworkcookiejar/tst_qnetworkcookiejar.cpp | 23 ++++++++++++++++++++-- 2 files changed, 25 insertions(+), 5 deletions(-) diff --git a/src/network/access/qnetworkcookiejar.cpp b/src/network/access/qnetworkcookiejar.cpp index 19f7217..f826115 100644 --- a/src/network/access/qnetworkcookiejar.cpp +++ b/src/network/access/qnetworkcookiejar.cpp @@ -192,9 +192,10 @@ bool QNetworkCookieJar::setCookiesFromUrl(const QList &cookieLis // validate the cookie & set the defaults if unset if (cookie.path().isEmpty()) cookie.setPath(defaultPath); - else if (!isParentPath(pathAndFileName, cookie.path())) - continue; // not accepted - + // don't do path checking. See http://bugreports.qt.nokia.com/browse/QTBUG-5815 +// else if (!isParentPath(pathAndFileName, cookie.path())) { +// continue; // not accepted +// } if (cookie.domain().isEmpty()) { cookie.setDomain(defaultDomain); } else { diff --git a/tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp b/tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp index ff7e78e..b52c515 100644 --- a/tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp +++ b/tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp @@ -168,13 +168,16 @@ void tst_QNetworkCookieJar::setCookiesFromUrl_data() cookie.setDomain("something.completely.different"); QTest::newRow("security-domain-1") << preset << cookie << "http://www.foo.tld" << result << false; - cookie.setDomain("www.foo.tld"); + // we want the cookie to be accepted although the path does not match, see QTBUG-5815 + cookie.setDomain(".foo.tld"); cookie.setPath("/something"); - QTest::newRow("security-path-1") << preset << cookie << "http://www.foo.tld" << result << false; + result += cookie; + QTest::newRow("security-path-1") << preset << cookie << "http://www.foo.tld" << result << true; // setting the defaults: finalCookie = cookie; finalCookie.setPath("/something/"); + finalCookie.setDomain("www.foo.tld"); cookie.setPath(""); cookie.setDomain(""); result.clear(); @@ -285,6 +288,22 @@ void tst_QNetworkCookieJar::cookiesForUrl_data() QTest::newRow("exp-match-4") << allCookies << "http://qt.nokia.com/web" << result; QTest::newRow("exp-match-4") << allCookies << "http://qt.nokia.com/web/" << result; QTest::newRow("exp-match-6") << allCookies << "http://qt.nokia.com/web/content" << result; + + // path matching + allCookies.clear(); + QNetworkCookie anotherCookie; + anotherCookie.setName("a"); + anotherCookie.setPath("/web"); + anotherCookie.setDomain(".nokia.com"); + allCookies += anotherCookie; + result.clear(); + QTest::newRow("path-unmatch-1") << allCookies << "http://nokia.com/" << result; + QTest::newRow("path-unmatch-2") << allCookies << "http://nokia.com/something/else" << result; + result += anotherCookie; + QTest::newRow("path-match-1") << allCookies << "http://nokia.com/web" << result; + QTest::newRow("path-match-2") << allCookies << "http://nokia.com/web/" << result; + QTest::newRow("path-match-3") << allCookies << "http://nokia.com/web/content" << result; + } void tst_QNetworkCookieJar::cookiesForUrl() -- cgit v0.12