From b48e960969bee08174c79d6660de1e448f1c6b5c Mon Sep 17 00:00:00 2001
From: Timur Pocheptsov
Date: Wed, 22 Feb 2017 18:22:02 +0100
Subject: HSTS - API/naming fixes As recommended in API review: use 'is...STS...Enabled' and 'set...STS..Enabled(bool)' function names instead of stsEnabled and separate enable/disable functions. Replace QList with QVector in the public API.
Change-Id: I1526124c830450058967ebc192d27575cc89292d
Reviewed-by: Marc Mutz
---
src/network/access/qnetworkaccessmanager.cpp | 40 +++++++++-------------------
1 file changed, 13 insertions(+), 27 deletions(-)
(limited to 'src/network/access/qnetworkaccessmanager.cpp')
diff --git a/src/network/access/qnetworkaccessmanager.cpp b/src/network/access/qnetworkaccessmanager.cpp
index 19e9ecc265..0b03865df8 100644
--- a/src/network/access/qnetworkaccessmanager.cpp
+++ b/src/network/access/qnetworkaccessmanager.cpp
@@ -697,36 +697,22 @@ void QNetworkAccessManager::setCookieJar(QNetworkCookieJar *cookieJar) /*! \since 5.9 - Enables HTTP Strict Transport Security (HSTS, RFC6797). When processing a - request, QNetworkAccessManager automatically replaces "http" scheme with - "https" and uses a secure transport if a host is a known HSTS host. - Port 80 if it's set explicitly is replaced by port 443. + If \a enabled is \c true, QNetworkAccessManager follows the HTTP Strict Transport + Security policy (HSTS, RFC6797). When processing a request, QNetworkAccessManager + automatically replaces the "http" scheme with "https" and uses a secure transport + for HSTS hosts. If it's set explicitly, port 80 is replaced by port 443. When HSTS is enabled, for each HTTP response containing HSTS header and received over a secure transport, QNetworkAccessManager will update its HSTS cache, either remembering a host with a valid policy or removing a host with - expired/disabled HSTS policy. + an expired or disabled HSTS policy. - \sa disableStrictTransportSecurity(), strictTransportSecurityEnabled() + \sa isStrictTransportSecurityEnabled() */ -void QNetworkAccessManager::enableStrictTransportSecurity() +void QNetworkAccessManager::setStrictTransportSecurityEnabled(bool enabled) { Q_D(QNetworkAccessManager); - d->stsEnabled = true; -} - -/*! - \since 5.9 - - Disables HTTP Strict Transport Security (HSTS). HSTS headers in responses would - be ignored, no scheme/port mapping is done. - - \sa enableStrictTransportSecurity() -*/ -void QNetworkAccessManager::disableStrictTransportSecurity() -{ - Q_D(QNetworkAccessManager); - d->stsEnabled = false; + d->stsEnabled = enabled; } /*! 
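Review bot: The merged doc comment for `setStrictTransportSecurityEnabled()` describes only the `true` case; the sentence from the removed `disableStrictTransportSecurity()` docs, saying that HSTS headers are ignored and no scheme/port mapping is done, was dropped rather than carried over. I would add `If \a enabled is \c false, HSTS headers in responses are ignored and no scheme or port mapping is done.` after the first paragraph. The setter only assigns `d->stsEnabled`, so it is not visible here whether policies already in the cache survive a disable/enable cycle; the comment should say which it is. The scheme upgrade in `createRequest()` (last hunk) sits under `#ifndef QT_NO_SSL` while this setter is unguarded, so on a build without SSL the flag can apparently read back `true` with nothing enforced, and that case deserves a line in the docs as well.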
@@ -735,9 +721,9 @@ void QNetworkAccessManager::disableStrictTransportSecurity() Returns true if HTTP Strict Transport Security (HSTS) was enabled. By default HSTS is disabled. - \sa enableStrictTransportSecurity + \sa setStrictTransportSecurityEnabled() */ -bool QNetworkAccessManager::strictTransportSecurityEnabled() const +bool QNetworkAccessManager::isStrictTransportSecurityEnabled() const { Q_D(const QNetworkAccessManager); return d->stsEnabled; @@ -761,7 +747,7 @@ bool QNetworkAccessManager::strictTransportSecurityEnabled() const \sa addStrictTransportSecurityHosts(), QHstsPolicy */ -void QNetworkAccessManager::addStrictTransportSecurityHosts(const QList &knownHosts) +void QNetworkAccessManager::addStrictTransportSecurityHosts(const QVector &knownHosts) { Q_D(QNetworkAccessManager); d->stsCache.updateFromPolicies(knownHosts); @@ -776,7 +762,7 @@ void QNetworkAccessManager::addStrictTransportSecurityHosts(const QList QNetworkAccessManager::strictTransportSecurityHosts() const +QVector QNetworkAccessManager::strictTransportSecurityHosts() const { Q_D(const QNetworkAccessManager); return d->stsCache.policies(); @@ -1390,7 +1376,7 @@ QNetworkReply *QNetworkAccessManager::createRequest(QNetworkAccessManager::Opera #endif ) { #ifndef QT_NO_SSL - if (strictTransportSecurityEnabled() && d->stsCache.isKnownHost(request.url())) { + if (isStrictTransportSecurityEnabled() && d->stsCache.isKnownHost(request.url())) { QUrl stsUrl(request.url()); // RFC6797, 8.3: // The UA MUST replace the URI scheme with "https" [RFC2818], -- cgit v1.2.3
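Review bot: In the `@@ -761,7 +747,7 @@` hunk the documentation above `addStrictTransportSecurityHosts()` ends with `\sa addStrictTransportSecurityHosts(), QHstsPolicy`, which points at the function itself; `\sa strictTransportSecurityHosts(), QHstsPolicy` looks like what was meant, and this API pass is a natural place to fix it. The visible part of the body calls `d->stsCache.updateFromPolicies(knownHosts)` without consulting `d->stsEnabled`, while `createRequest()` checks the cache only when `isStrictTransportSecurityEnabled()` returns true, so preloaded hosts give no protection until HSTS is switched on. A sentence such as `The hosts are only honoured while HSTS is enabled, see setStrictTransportSecurityEnabled().` would keep callers from assuming that preloading alone is enough. The function's closing lines fall outside the hunk.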