diff options
author | Samuel Gaist <samuel.gaist@idiap.ch> | 2018-11-20 23:31:37 +0100 |
---|---|---|
committer | Samuel Gaist <samuel.gaist@idiap.ch> | 2018-11-22 13:06:16 +0000 |
commit | c85304484261af2fc046c909087549799a5979f9 (patch) | |
tree | 50a8ef43ba4db67722daf247f4edb036ccc72646 | |
parent | b69560d2b48d2dde568b0b7d5bf40adb21f61f95 (diff) |
Use 127.0.0.1 for redirect URI
Following section 8.3 of RFC 8252
(https://tools.ietf.org/html/rfc8252#section-8.3), it is specifically
not recommended to use localhost but 127.0.0.1. This patch fixes that.
[ChangeLog][General] Use 127.0.0.1 in place of localhost for redirect
URI following RFC 8252.
Fixes: QTBUG-67528
Change-Id: I6f5a8dd26134cde2373185eaf2c8853d6f500e98
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
4 files changed, 6 insertions, 6 deletions
diff --git a/examples/oauth/redditclient/doc/src/qtnetworkauth-redditclient.qdoc b/examples/oauth/redditclient/doc/src/qtnetworkauth-redditclient.qdoc index 6106ef1..a8af6d5 100644 --- a/examples/oauth/redditclient/doc/src/qtnetworkauth-redditclient.qdoc +++ b/examples/oauth/redditclient/doc/src/qtnetworkauth-redditclient.qdoc @@ -40,7 +40,7 @@ To use this example, a consumer key from Reddit is needed. To register the application visit https://www.reddit.com/prefs/apps/. \note Choose \e {installed app} when creating the application. - \note Set the redirect URI to \e http://localhost:1337/ in Reddit settings. + \note Set the redirect URI to \e http://127.0.0.1:1337/ in Reddit settings. \include examples-run.qdocinc */ diff --git a/examples/oauth/twittertimeline/doc/src/qtnetworkauth-twittertimeline.qdoc b/examples/oauth/twittertimeline/doc/src/qtnetworkauth-twittertimeline.qdoc index 2a7fa4c..213ea86 100644 --- a/examples/oauth/twittertimeline/doc/src/qtnetworkauth-twittertimeline.qdoc +++ b/examples/oauth/twittertimeline/doc/src/qtnetworkauth-twittertimeline.qdoc @@ -39,7 +39,7 @@ To use this example, a consumer key and secret from Twitter are needed. To register the application visit https://apps.twitter.com. - You’ll need to add \e http://localhost:1337/callback as a callback URL + You’ll need to add \e http://127.0.0.1:1337/callback as a callback URL in your Twitter app settings. \include examples-run.qdocinc diff --git a/src/oauth/qoauthhttpserverreplyhandler.cpp b/src/oauth/qoauthhttpserverreplyhandler.cpp index dca4671..aefdd08 100644 --- a/src/oauth/qoauthhttpserverreplyhandler.cpp +++ b/src/oauth/qoauthhttpserverreplyhandler.cpp @@ -187,7 +187,7 @@ bool QOAuthHttpServerReplyHandlerPrivate::QHttpRequest::readUrl(QTcpSocket *sock qCWarning(lcReplyHandler, "Invalid URL path %s", fragment.constData()); return false; } - url.setUrl(QStringLiteral("http://localhost:") + QString::number(port) + + url.setUrl(QStringLiteral("http://127.0.0.1:") + QString::number(port) + QString::fromUtf8(fragment)); state = State::ReadingStatus; if (!url.isValid()) { @@ -273,7 +273,7 @@ QString QOAuthHttpServerReplyHandler::callback() const Q_D(const QOAuthHttpServerReplyHandler); Q_ASSERT(d->httpServer.isListening()); - const QUrl url(QString::fromLatin1("http://localhost:%1/%2") + const QUrl url(QString::fromLatin1("http://127.0.0.1:%1/%2") .arg(d->httpServer.serverPort()).arg(d->path)); return url.toString(QUrl::EncodeDelimiters); } diff --git a/tests/auto/shared/webserver.h b/tests/auto/shared/webserver.h index 63ba001..2c27c28 100644 --- a/tests/auto/shared/webserver.h +++ b/tests/auto/shared/webserver.h @@ -146,7 +146,7 @@ WebServer::WebServer(Handler handler, QObject *parent) : QUrl WebServer::url(const QString &path) { - const QString format("http://localhost:%1%2"); + const QString format("http://127.0.0.1:%1%2"); return QUrl(format.arg(serverPort()).arg(path.startsWith('/') ? path : "/" + path)); } @@ -199,7 +199,7 @@ bool WebServer::HttpRequest::readUrl(QTcpSocket *socket) qWarning("Invalid URL path %s", fragment.constData()); return false; } - url.setUrl(QStringLiteral("http://localhost:") + QString::number(port) + + url.setUrl(QStringLiteral("http://127.0.0.1:") + QString::number(port) + QString::fromUtf8(fragment)); state = State::ReadingStatus; if (!url.isValid()) { |