summaryrefslogtreecommitdiffstats
path: root/src/network/access/qnetworkcookiejar.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/network/access/qnetworkcookiejar.cpp')
-rw-r--r--src/network/access/qnetworkcookiejar.cpp11
1 files changed, 10 insertions, 1 deletions
diff --git a/src/network/access/qnetworkcookiejar.cpp b/src/network/access/qnetworkcookiejar.cpp
index 429b71eb21..0540cb740f 100644
--- a/src/network/access/qnetworkcookiejar.cpp
+++ b/src/network/access/qnetworkcookiejar.cpp
@@ -335,11 +335,20 @@ bool QNetworkCookieJar::validateCookie(const QNetworkCookie &cookie, const QUrl
if (!isParentDomain(domain, host) && !isParentDomain(host, domain))
return false; // not accepted
+ if (domain.startsWith(QLatin1Char('.')))
+ domain = domain.mid(1);
+
+#if QT_CONFIG(topleveldomain)
// the check for effective TLDs makes the "embedded dot" rule from RFC 2109 section 4.3.2
// redundant; the "leading dot" rule has been relaxed anyway, see QNetworkCookie::normalize()
// we remove the leading dot for this check if it's present
- if (qIsEffectiveTLD(domain.startsWith('.') ? domain.remove(0, 1) : domain))
+ if (qIsEffectiveTLD(domain))
return false; // not accepted
+#else
+ // provide minimal checking by not accepting cookies on real TLDs
+ if (!domain.contains(QLatin1Char('.')))
+ return false;
+#endif
return true;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-08 18:09:32 +0000