diff options
Diffstat (limited to 'src/network/access')
-rw-r--r-- | src/network/access/qnetworkaccessmanager.cpp | 4 | ||||
-rw-r--r-- | src/network/access/qnetworkcookiejar.cpp | 16 |
2 files changed, 19 insertions, 1 deletions
diff --git a/src/network/access/qnetworkaccessmanager.cpp b/src/network/access/qnetworkaccessmanager.cpp index 07644b869f..35e79a69f2 100644 --- a/src/network/access/qnetworkaccessmanager.cpp +++ b/src/network/access/qnetworkaccessmanager.cpp @@ -178,7 +178,9 @@ static void ensureInitialized() it sends. It contains the proxy and cache configuration, as well as the signals related to such issues, and reply signals that can be used to monitor the progress of a network operation. One QNetworkAccessManager - should be enough for the whole Qt application. + instance should be enough for the whole Qt application. Since + QNetworkAccessManager is based on QObject, it can only be used from the + thread it belongs to. Once a QNetworkAccessManager object has been created, the application can use it to send requests over the network. A group of standard functions diff --git a/src/network/access/qnetworkcookiejar.cpp b/src/network/access/qnetworkcookiejar.cpp index f62a03b11d..2ec4acf26c 100644 --- a/src/network/access/qnetworkcookiejar.cpp +++ b/src/network/access/qnetworkcookiejar.cpp @@ -241,6 +241,17 @@ QList<QNetworkCookie> QNetworkCookieJar::cookiesForUrl(const QUrl &url) const if ((*it).isSecure() && !isEncrypted) continue; + QString domain = it->domain(); + if (domain.startsWith(QLatin1Char('.'))) /// Qt6?: remove when compliant with RFC6265 + domain = domain.mid(1); +#if QT_CONFIG(topleveldomain) + if (qIsEffectiveTLD(domain) && url.host() != domain) + continue; +#else + if (!domain.contains(QLatin1Char('.')) && url.host() != domain) + continue; +#endif // topleveldomain + // insert this cookie into result, sorted by path QList<QNetworkCookie>::Iterator insertIt = result.begin(); while (insertIt != result.end()) { @@ -340,6 +351,11 @@ bool QNetworkCookieJar::validateCookie(const QNetworkCookie &cookie, const QUrl if (domain.startsWith(QLatin1Char('.'))) domain = domain.mid(1); + // We shouldn't reject if: + // "[...] the domain-attribute is identical to the canonicalized request-host" + // https://tools.ietf.org/html/rfc6265#section-5.3 step 5 + if (host == domain) + return true; #if QT_CONFIG(topleveldomain) // the check for effective TLDs makes the "embedded dot" rule from RFC 2109 section 4.3.2 // redundant; the "leading dot" rule has been relaxed anyway, see QNetworkCookie::normalize() |