summaryrefslogtreecommitdiffstats
path: root/src/network/access/qhstspolicy.h
Commit message (Collapse)AuthorAgeFilesLines
* QHstsPolicy: Replace bool with QFlagsTimur Pocheptsov2017-03-081-2/+9
| | | | | | | | | | | | | | | As pointed out in the previous code-review: Replace a bool ctor parameter with QFlags<enum> to conform to Qt API Design Principles (Boolean Parameter Trap). Since the bool with its many unwanted implicit conversions is gone from the ctor parameter list now, drop the explicit keyword again. It was requested because of the boolean parameter in the first place. Change-Id: Ibaf287a6a3e38c22f033fd5d9e024c54f30a1fd4 Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
* HSTS policy - fix APITimur Pocheptsov2017-02-241-6/+19
| | | | | | | | | | | | | | API-review follow-up: 1. make a ctor explicit 2. add swap member-function 3. make move-assignment inlined 4. make comparison operators non-members 5. make d_ptr QSharedDataPointer (and private implementation - QSharedData). Change-Id: I3257ca03cccd0f1254c9b95461752911359352a5 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* Refactor HSTS cache implementationTimur Pocheptsov2017-01-241-0/+82
The original monstrosity is not needed at all. It was born only to implement RFC6797's description of the host matching algorithm (starting from superdomains and moving to subdomains). Actually, it does not really matter how we find known host - it can be a congruent match first instead, and then we proceed with superdomains. This way I can use QMap and my tests so far show it actually works faster (both insertion and lookup), also the code is cleaner now. Also, introduce the new class QHstsPolicy that essentially allows to mark a host as known host and conveniently encapsulates host name/expiration date/ subdomains policy. Add a public API providing access to HSTS policies, so that client code can pre-set or read back discovered known hosts (to implement persistent HSTS storage, for example). We support server-driven HSTS - this means client code is allowed to provide policies as hints to QNetworkAccessManager, but these policies can be overridden by HTTP responses with 'Strict-Transport-Security' headers. Change-Id: I64d250b6dc78bcb01003fadeded5302471d1389e Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-02 10:51:09 +0000