From 83f4f9b40135f137f4f6fb009067392884f82426 Mon Sep 17 00:00:00 2001 From: Timur Pocheptsov Date: Fri, 6 Jan 2017 19:04:22 +0100 Subject: Add HTTP strict tranport security support to QNAM HTTP Strict Transport Security (HSTS) is a web security policy that allows a web server to declare that user agents should only interact with it using secure HTTPS connections. HSTS is described by RFC6797. This patch introduces a new API in Network Access Manager to enable this policy or disable it (default - STS is disabled). We also implement QHstsCache which caches known HTTS hosts, does host name lookup and domain name matching; QHstsHeaderParser to parse HSTS headers with HSTS policies. A new autotest added to test the caching, host name matching and headers parsing. [ChangeLog][QtNetwork] Added HTTP Strict Transport Security to QNAM Task-number: QTPM-238 Change-Id: Iabb5920344bf204a0d3036284f0d60675c29315c Reviewed-by: Timur Pocheptsov --- src/network/access/qnetworkreply.cpp | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'src/network/access/qnetworkreply.cpp') diff --git a/src/network/access/qnetworkreply.cpp b/src/network/access/qnetworkreply.cpp index 17990f02f5..ca27e66791 100644 --- a/src/network/access/qnetworkreply.cpp +++ b/src/network/access/qnetworkreply.cpp @@ -732,7 +732,11 @@ void QNetworkReply::setSslConfiguration(const QSslConfiguration &config) You can clear the list of errors you want to ignore by calling this function with an empty list. - \sa sslConfiguration(), sslErrors(), QSslSocket::ignoreSslErrors() + \note If HTTP Strict Transport Security is enabled for QNetworkAccessManager, + this function has no effect. + + \sa sslConfiguration(), sslErrors(), QSslSocket::ignoreSslErrors(), + QNetworkAccessManager::enableStrictTransportSecurity() */ void QNetworkReply::ignoreSslErrors(const QList &errors) { @@ -799,6 +803,9 @@ void QNetworkReply::ignoreSslErrorsImplementation(const QList &) sslErrors() signal, which indicates which errors were found. + \note If HTTP Strict Transport Security is enabled for QNetworkAccessManager, + this function has no effect. + \sa sslConfiguration(), sslErrors(), QSslSocket::ignoreSslErrors() */ void QNetworkReply::ignoreSslErrors() -- cgit v1.2.3