1 files changed, 12 insertions, 1 deletions

diff --git a/src/network/access/qnetworkcookiejar.cpp b/src/network/access/qnetworkcookiejar.cpp
index 429b71eb21..232c2b47a5 100644
--- a/src/network/access/qnetworkcookiejar.cpp
+++ b/src/network/access/qnetworkcookiejar.cpp
@@ -43,7 +43,9 @@
 #include "QtNetwork/qnetworkcookie.h"
 #include "QtCore/qurl.h"
 #include "QtCore/qdatetime.h"
+#if QT_CONFIG(topleveldomain)
 #include "private/qtldurl_p.h"
+#endif
 
 QT_BEGIN_NAMESPACE
 
@@ -335,11 +337,20 @@ bool QNetworkCookieJar::validateCookie(const QNetworkCookie &cookie, const QUrl
     if (!isParentDomain(domain, host) && !isParentDomain(host, domain))
         return false; // not accepted
 
+    if (domain.startsWith(QLatin1Char('.')))
+        domain = domain.mid(1);
+
+#if QT_CONFIG(topleveldomain)
     // the check for effective TLDs makes the "embedded dot" rule from RFC 2109 section 4.3.2
     // redundant; the "leading dot" rule has been relaxed anyway, see QNetworkCookie::normalize()
     // we remove the leading dot for this check if it's present
-    if (qIsEffectiveTLD(domain.startsWith('.') ? domain.remove(0, 1) : domain))
+    if (qIsEffectiveTLD(domain))
         return false; // not accepted
+#else
+    // provide minimal checking by not accepting cookies on real TLDs
+    if (!domain.contains(QLatin1Char('.')))
+        return false;
+#endif
 
     return true;
 }