Use 127.0.0.1 for redirect URI

Following section 8.3 of RFC 8252
(https://tools.ietf.org/html/rfc8252#section-8.3), it is specifically
not recommended to use localhost but 127.0.0.1. This patch fixes that.

[ChangeLog][General] Use 127.0.0.1 in place of localhost for redirect
URI following RFC 8252.

Fixes: QTBUG-67528
Change-Id: I6f5a8dd26134cde2373185eaf2c8853d6f500e98
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>

4 files changed, 6 insertions, 6 deletions

diff --git a/examples/oauth/redditclient/doc/src/qtnetworkauth-redditclient.qdoc b/examples/oauth/redditclient/doc/src/qtnetworkauth-redditclient.qdoc
index 6106ef1..a8af6d5 100644
--- a/examples/oauth/redditclient/doc/src/qtnetworkauth-redditclient.qdoc
+++ b/examples/oauth/redditclient/doc/src/qtnetworkauth-redditclient.qdoc
@@ -40,7 +40,7 @@
     To use this example, a consumer key from Reddit is needed.
     To register the application visit https://www.reddit.com/prefs/apps/.
     \note Choose \e {installed app} when creating the application.
-    \note Set the redirect URI to \e http://localhost:1337/ in Reddit settings.
+    \note Set the redirect URI to \e http://127.0.0.1:1337/ in Reddit settings.
 
     \include examples-run.qdocinc
 */
diff --git a/examples/oauth/twittertimeline/doc/src/qtnetworkauth-twittertimeline.qdoc b/examples/oauth/twittertimeline/doc/src/qtnetworkauth-twittertimeline.qdoc
index 2a7fa4c..213ea86 100644
--- a/examples/oauth/twittertimeline/doc/src/qtnetworkauth-twittertimeline.qdoc
+++ b/examples/oauth/twittertimeline/doc/src/qtnetworkauth-twittertimeline.qdoc
@@ -39,7 +39,7 @@
 
     To use this example, a consumer key and secret from Twitter are needed.
     To register the application visit https://apps.twitter.com.
-    You’ll need to add \e http://localhost:1337/callback as a callback URL
+    You’ll need to add \e http://127.0.0.1:1337/callback as a callback URL
     in your Twitter app settings.
 
     \include examples-run.qdocinc
diff --git a/src/oauth/qoauthhttpserverreplyhandler.cpp b/src/oauth/qoauthhttpserverreplyhandler.cpp
index dca4671..aefdd08 100644
--- a/src/oauth/qoauthhttpserverreplyhandler.cpp
+++ b/src/oauth/qoauthhttpserverreplyhandler.cpp
@@ -187,7 +187,7 @@ bool QOAuthHttpServerReplyHandlerPrivate::QHttpRequest::readUrl(QTcpSocket *sock
             qCWarning(lcReplyHandler, "Invalid URL path %s", fragment.constData());
             return false;
         }
-        url.setUrl(QStringLiteral("http://localhost:") + QString::number(port) +
+        url.setUrl(QStringLiteral("http://127.0.0.1:") + QString::number(port) +
                    QString::fromUtf8(fragment));
         state = State::ReadingStatus;
         if (!url.isValid()) {
@@ -273,7 +273,7 @@ QString QOAuthHttpServerReplyHandler::callback() const
     Q_D(const QOAuthHttpServerReplyHandler);
 
     Q_ASSERT(d->httpServer.isListening());
-    const QUrl url(QString::fromLatin1("http://localhost:%1/%2")
+    const QUrl url(QString::fromLatin1("http://127.0.0.1:%1/%2")
                    .arg(d->httpServer.serverPort()).arg(d->path));
     return url.toString(QUrl::EncodeDelimiters);
 }
diff --git a/tests/auto/shared/webserver.h b/tests/auto/shared/webserver.h
index 63ba001..2c27c28 100644
--- a/tests/auto/shared/webserver.h
+++ b/tests/auto/shared/webserver.h
@@ -146,7 +146,7 @@ WebServer::WebServer(Handler handler, QObject *parent) :
 
 QUrl WebServer::url(const QString &path)
 {
-    const QString format("http://localhost:%1%2");
+    const QString format("http://127.0.0.1:%1%2");
     return QUrl(format.arg(serverPort()).arg(path.startsWith('/') ? path : "/" + path));
 }
 
@@ -199,7 +199,7 @@ bool WebServer::HttpRequest::readUrl(QTcpSocket *socket)
             qWarning("Invalid URL path %s", fragment.constData());
             return false;
         }
-        url.setUrl(QStringLiteral("http://localhost:") + QString::number(port) +
+        url.setUrl(QStringLiteral("http://127.0.0.1:") + QString::number(port) +
                    QString::fromUtf8(fragment));
         state = State::ReadingStatus;
         if (!url.isValid()) {