author | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2017-02-22 18:22:02 +0100 |
---|---|---|
committer | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2017-02-23 14:21:35 +0000 |
commit | b48e960969bee08174c79d6660de1e448f1c6b5c (patch) | |
tree | 0829d91de70220d759d55db9060b923b3482f3f4 | |
parent | 8fd6cef3724b2d676c5f6ae235956192d85eac39 (diff) |
HSTS - API/naming fixes
As recommended in API review: use 'is...STS...Enabled' and 'set...STS...Enabled(bool)'
function names instead of stsEnabled and separate enable/disable functions.
Replace QList with QVector in the public API.
Change-Id: I1526124c830450058967ebc192d27575cc89292d
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
-rw-r--r-- | src/network/access/qhsts.cpp | 14 | ||||
-rw-r--r-- | src/network/access/qhsts_p.h | 8 | ||||
-rw-r--r-- | src/network/access/qhstspolicy.cpp | 2 | ||||
-rw-r--r-- | src/network/access/qnetworkaccessmanager.cpp | 40 | ||||
-rw-r--r-- | src/network/access/qnetworkaccessmanager.h | 10 | ||||
-rw-r--r-- | src/network/access/qnetworkreply.cpp | 2 |
6 files changed, 34 insertions, 42 deletions
diff --git a/src/network/access/qhsts.cpp b/src/network/access/qhsts.cpp index 5e4f75b0ed..3581fbc796 100644 --- a/src/network/access/qhsts.cpp +++ b/src/network/access/qhsts.cpp @@ -39,9 +39,9 @@ #include "qhsts_p.h" -#include "QtCore/qstringlist.h" - #include "QtCore/private/qipaddress_p.h" +#include "QtCore/qvector.h" +#include "QtCore/qlist.h" QT_BEGIN_NAMESPACE @@ -84,7 +84,7 @@ void QHstsCache::updateFromHeaders(const QList<QPair<QByteArray, QByteArray>> &h updateKnownHost(url.host(), parser.expirationDate(), parser.includeSubDomains()); } -void QHstsCache::updateFromPolicies(const QList<QHstsPolicy> &policies) +void QHstsCache::updateFromPolicies(const QVector<QHstsPolicy> &policies) { for (const auto &policy : policies) updateKnownHost(policy.host(), policy.expiry(), policy.includesSubDomains()); @@ -183,9 +183,13 @@ void QHstsCache::clear() knownHosts.clear(); } -QList<QHstsPolicy> QHstsCache::policies() const +QVector<QHstsPolicy> QHstsCache::policies() const { - return knownHosts.values(); + QVector<QHstsPolicy> values; + values.reserve(knownHosts.size()); + for (const auto &host : knownHosts) + values << host; + return values; } // The parser is quite simple: 'nextToken' knowns exactly what kind of tokens diff --git a/src/network/access/qhsts_p.h b/src/network/access/qhsts_p.h index 5d95f39b96..ab3ca536fb 100644 --- a/src/network/access/qhsts_p.h +++ b/src/network/access/qhsts_p.h 
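Review bot: In the `@@ -183,9 +183,13 @@` hunk the loop variable in `QHstsCache::policies()` is named `host`, but each element taken from `knownHosts` is appended to a `QVector<QHstsPolicy>`, so it is a whole policy; `for (const auto &policy : knownHosts)` would match the naming already used in `updateFromPolicies()` in the hunk above. The function also has no comment saying what the returned snapshot contains. Nothing visible in the new body filters on expiry, so a caller that persists the result may store entries that have already expired. If that is intended, a one-line comment such as `// Returns every cached policy as-is; expired entries are not filtered here.` would make it explicit (confirm against `updateKnownHost()`, which lies outside this hunk).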
@@ -57,26 +57,28 @@ #include <QtCore/qdatetime.h> #include <QtCore/qstring.h> #include <QtCore/qglobal.h> -#include <QtCore/qlist.h> #include <QtCore/qpair.h> #include <QtCore/qurl.h> #include <QtCore/qmap.h> QT_BEGIN_NAMESPACE +template<typename T> class QList; +template <typename T> class QVector; + class Q_AUTOTEST_EXPORT QHstsCache { public: void updateFromHeaders(const QList<QPair<QByteArray, QByteArray>> &headers, const QUrl &url); - void updateFromPolicies(const QList<QHstsPolicy> &hosts); + void updateFromPolicies(const QVector<QHstsPolicy> &hosts); void updateKnownHost(const QUrl &url, const QDateTime &expires, bool includeSubDomains); bool isKnownHost(const QUrl &url) const; void clear(); - QList<QHstsPolicy> policies() const; + QVector<QHstsPolicy> policies() const; private: diff --git a/src/network/access/qhstspolicy.cpp b/src/network/access/qhstspolicy.cpp index 6922e1d8f9..e8b4e0aeff 100644 --- a/src/network/access/qhstspolicy.cpp +++ b/src/network/access/qhstspolicy.cpp @@ -60,7 +60,7 @@ QT_BEGIN_NAMESPACE applies to subdomains, either in the constructor or by calling setExpiry(), setHost() and setIncludesSubdomains(). - \sa QNetworkAccessManager::enableStrictTransportSecurity() + \sa QNetworkAccessManager::setStrictTransportSecurityEnabled() */ class QHstsPolicyPrivate diff --git a/src/network/access/qnetworkaccessmanager.cpp b/src/network/access/qnetworkaccessmanager.cpp index 19e9ecc265..0b03865df8 100644 --- a/src/network/access/qnetworkaccessmanager.cpp +++ b/src/network/access/qnetworkaccessmanager.cpp 
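Review bot: The two forward declarations added in the `qhsts_p.h` hunk are spelled inconsistently (`template<typename T> class QList;` next to `template <typename T> class QVector;`), and they replace the `<QtCore/qlist.h>` include with hand-written declarations of library templates. The header then stays correct only while both containers remain single-parameter class templates, and every includer that calls `policies()` or `updateFromHeaders()` has to pull in the container headers itself, as `qhsts.cpp` does in this commit. I would unify the spacing to `template <typename T> class QList;` and put a comment above the pair, for example `// Forward-declared only; users of these signatures must include qlist.h / qvector.h.` The `QHstsCache` class body continues past the end of the hunk.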
@@ -697,36 +697,22 @@ void QNetworkAccessManager::setCookieJar(QNetworkCookieJar *cookieJar) /*! \since 5.9 - Enables HTTP Strict Transport Security (HSTS, RFC6797). When processing a - request, QNetworkAccessManager automatically replaces "http" scheme with - "https" and uses a secure transport if a host is a known HSTS host. - Port 80 if it's set explicitly is replaced by port 443. + If \a enabled is \c true, QNetworkAccessManager follows the HTTP Strict Transport + Security policy (HSTS, RFC6797). When processing a request, QNetworkAccessManager + automatically replaces the "http" scheme with "https" and uses a secure transport + for HSTS hosts. If it's set explicitly, port 80 is replaced by port 443. When HSTS is enabled, for each HTTP response containing HSTS header and received over a secure transport, QNetworkAccessManager will update its HSTS cache, either remembering a host with a valid policy or removing a host with - expired/disabled HSTS policy. + an expired or disabled HSTS policy. - \sa disableStrictTransportSecurity(), strictTransportSecurityEnabled() + \sa isStrictTransportSecurityEnabled() */ -void QNetworkAccessManager::enableStrictTransportSecurity() +void QNetworkAccessManager::setStrictTransportSecurityEnabled(bool enabled) { Q_D(QNetworkAccessManager); - d->stsEnabled = true; -} - -/*! - \since 5.9 - - Disables HTTP Strict Transport Security (HSTS). HSTS headers in responses would - be ignored, no scheme/port mapping is done. - - \sa enableStrictTransportSecurity() -*/ -void QNetworkAccessManager::disableStrictTransportSecurity() -{ - Q_D(QNetworkAccessManager); - d->stsEnabled = false; + d->stsEnabled = enabled; } /*! 
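Review bot: The merged documentation for `setStrictTransportSecurityEnabled()` only describes the `true` case; the text of the removed `disableStrictTransportSecurity()` block (HSTS headers ignored, no scheme/port mapping) was dropped, so the effect of passing `false` is now undocumented. The setter as shown only assigns `d->stsEnabled = enabled;` and does not touch the cache, so policies learned or added earlier presumably take effect again once HSTS is re-enabled. That is worth stating, because a caller may expect disabling to forget known hosts. Suggested addition to the doc block: `If \a enabled is \c false, HSTS headers in responses are ignored and no scheme or port mapping is done; known hosts already in the cache are kept.`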
@@ -735,9 +721,9 @@ void QNetworkAccessManager::disableStrictTransportSecurity() Returns true if HTTP Strict Transport Security (HSTS) was enabled. By default HSTS is disabled. - \sa enableStrictTransportSecurity + \sa setStrictTransportSecurityEnabled() */ -bool QNetworkAccessManager::strictTransportSecurityEnabled() const +bool QNetworkAccessManager::isStrictTransportSecurityEnabled() const { Q_D(const QNetworkAccessManager); return d->stsEnabled; @@ -761,7 +747,7 @@ bool QNetworkAccessManager::strictTransportSecurityEnabled() const \sa addStrictTransportSecurityHosts(), QHstsPolicy */ -void QNetworkAccessManager::addStrictTransportSecurityHosts(const QList<QHstsPolicy> &knownHosts) +void QNetworkAccessManager::addStrictTransportSecurityHosts(const QVector<QHstsPolicy> &knownHosts) { Q_D(QNetworkAccessManager); d->stsCache.updateFromPolicies(knownHosts); @@ -776,7 +762,7 @@ void QNetworkAccessManager::addStrictTransportSecurityHosts(const QList<QHstsPol \sa addStrictTransportSecurityHosts(), QHstsPolicy */ -QList<QHstsPolicy> QNetworkAccessManager::strictTransportSecurityHosts() const +QVector<QHstsPolicy> QNetworkAccessManager::strictTransportSecurityHosts() const { Q_D(const QNetworkAccessManager); return d->stsCache.policies(); @@ -1390,7 +1376,7 @@ QNetworkReply *QNetworkAccessManager::createRequest(QNetworkAccessManager::Opera #endif ) { #ifndef QT_NO_SSL - if (strictTransportSecurityEnabled() && d->stsCache.isKnownHost(request.url())) { + if (isStrictTransportSecurityEnabled() && d->stsCache.isKnownHost(request.url())) { QUrl stsUrl(request.url()); // RFC6797, 8.3: // The UA MUST replace the URI scheme with "https" [RFC2818], diff --git a/src/network/access/qnetworkaccessmanager.h b/src/network/access/qnetworkaccessmanager.h index 52769627f3..7a03a29377 100644 --- a/src/network/access/qnetworkaccessmanager.h +++ b/src/network/access/qnetworkaccessmanager.h 
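Review bot: In the `@@ -761,7 +747,7 @@` hunk the doc block directly above `addStrictTransportSecurityHosts()` ends with `\sa addStrictTransportSecurityHosts(), QHstsPolicy`, i.e. the function's see-also points at itself. Since this commit is already touching the `\sa` lines of the neighbouring HSTS functions, it would be a good place to change it to `\sa strictTransportSecurityHosts(), QHstsPolicy`, mirroring the getter's block in the next hunk. The start of that doc block is outside the hunk, so the rest of its wording could not be checked here.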
@@ -42,6 +42,7 @@ #include <QtNetwork/qtnetworkglobal.h> #include <QtNetwork/qnetworkrequest.h> +#include <QtCore/QVector> #include <QtCore/QObject> #ifndef QT_NO_SSL #include <QtNetwork/QSslConfiguration> @@ -121,11 +122,10 @@ public: QNetworkCookieJar *cookieJar() const; void setCookieJar(QNetworkCookieJar *cookieJar); - void enableStrictTransportSecurity(); - void disableStrictTransportSecurity(); - bool strictTransportSecurityEnabled() const; - void addStrictTransportSecurityHosts(const QList<QHstsPolicy> &knownHosts); - QList<QHstsPolicy> strictTransportSecurityHosts() const; + void setStrictTransportSecurityEnabled(bool enabled); + bool isStrictTransportSecurityEnabled() const; + void addStrictTransportSecurityHosts(const QVector<QHstsPolicy> &knownHosts); + QVector<QHstsPolicy> strictTransportSecurityHosts() const; QNetworkReply *head(const QNetworkRequest &request); QNetworkReply *get(const QNetworkRequest &request); diff --git a/src/network/access/qnetworkreply.cpp b/src/network/access/qnetworkreply.cpp index ca27e66791..79afd21a1a 100644 --- a/src/network/access/qnetworkreply.cpp +++ b/src/network/access/qnetworkreply.cpp @@ -736,7 +736,7 @@ void QNetworkReply::setSslConfiguration(const QSslConfiguration &config) this function has no effect. \sa sslConfiguration(), sslErrors(), QSslSocket::ignoreSslErrors(), - QNetworkAccessManager::enableStrictTransportSecurity() + QNetworkAccessManager::setStrictTransportSecurityEnabled() */ void QNetworkReply::ignoreSslErrors(const QList<QSslError> &errors) { |