diff options
author | Shane Kearns <ext-shane.2.kearns@nokia.com> | 2012-06-08 14:56:11 +0100 |
---|---|---|
committer | Qt by Nokia <qt-info@nokia.com> | 2012-06-27 00:46:35 +0200 |
commit | 058fddd1c01d49ee9fe8b70587a088d73f2c8e3c (patch) | |
tree | fc732f423b90b0721a9596048c6369f2fabcca3e /src/network/access/qnetworkcookie.cpp | |
parent | d76bd0d7358b1c061f3c685a9256243eb9f11d7a (diff) |
Use RFC6265 rules for cookie path & path matching
Url encoding of paths is no longer used. This matches the
current release behaviour of Firefox, Chrome and MSIE browsers.
RFC6265 does not allow this type of encoding.
This fixes remaining path test cases in the IETF test suite.
Currently the path0027 test is passed by Firefox but failed by
Chrome and MSIE, so there is a potential compatibility issue.
However it is a corner case with a malformed cookie.
Task-number: QTBUG-15794
Change-Id: I9b02bb5adc32d614f512d314d06f2c60894aa2b0
Reviewed-by: Richard J. Moore <rich@kde.org>
Diffstat (limited to 'src/network/access/qnetworkcookie.cpp')
-rw-r--r-- | src/network/access/qnetworkcookie.cpp | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/src/network/access/qnetworkcookie.cpp b/src/network/access/qnetworkcookie.cpp index 306195addb..5a75dd55e8 100644 --- a/src/network/access/qnetworkcookie.cpp +++ b/src/network/access/qnetworkcookie.cpp @@ -466,7 +466,7 @@ QByteArray QNetworkCookie::toRawForm(RawForm form) const } if (!d->path.isEmpty()) { result += "; path="; - result += QUrl::toPercentEncoding(d->path, "/"); + result += d->path.toUtf8(); } } return result; @@ -954,8 +954,15 @@ QList<QNetworkCookie> QNetworkCookiePrivate::parseSetCookieHeaderLine(const QByt } //if unparsed, ignore the attribute but not the whole cookie (RFC6265 section 5.2.2) } else if (field.first == "path") { - QString path = QUrl::fromPercentEncoding(field.second); - cookie.setPath(path); + if (field.second.startsWith('/')) { + // ### we should treat cookie paths as an octet sequence internally + // However RFC6265 says we should assume UTF-8 for presentation as a string + cookie.setPath(QString::fromUtf8(field.second)); + } else { + // if the path doesn't start with '/' then set the default path (RFC6265 section 5.2.4) + // and also IETF test case path0030 which has valid and empty path in the same cookie + cookie.setPath(QString()); + } } else if (field.first == "secure") { cookie.setSecure(true); } else if (field.first == "httponly") { |