From 369857d29437615e1fda9fb1ab2f94e464d55ca2 Mon Sep 17 00:00:00 2001
From: Lars Knoll <lars.knoll@qt.io>
Date: Fri, 26 Aug 2016 13:39:14 +0200
Subject: Add configure feature for QUrl::topLevelDomain

Change-Id: I237af8c60a9572c707e7004c9a284dd6cd3306ce
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@qt.io>
---
 src/network/access/qnetworkcookiejar.cpp | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'src/network')

diff --git a/src/network/access/qnetworkcookiejar.cpp b/src/network/access/qnetworkcookiejar.cpp
index 429b71eb21..0540cb740f 100644
--- a/src/network/access/qnetworkcookiejar.cpp
+++ b/src/network/access/qnetworkcookiejar.cpp
@@ -335,11 +335,20 @@ bool QNetworkCookieJar::validateCookie(const QNetworkCookie &cookie, const QUrl
     if (!isParentDomain(domain, host) && !isParentDomain(host, domain))
         return false; // not accepted
 
+    if (domain.startsWith(QLatin1Char('.')))
+        domain = domain.mid(1);
+
+#if QT_CONFIG(topleveldomain)
     // the check for effective TLDs makes the "embedded dot" rule from RFC 2109 section 4.3.2
     // redundant; the "leading dot" rule has been relaxed anyway, see QNetworkCookie::normalize()
     // we remove the leading dot for this check if it's present
-    if (qIsEffectiveTLD(domain.startsWith('.') ? domain.remove(0, 1) : domain))
+    if (qIsEffectiveTLD(domain))
         return false; // not accepted
+#else
+    // provide minimal checking by not accepting cookies on real TLDs
+    if (!domain.contains(QLatin1Char('.')))
+        return false;
+#endif
 
     return true;
 }
-- 
cgit v1.2.3