Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-90231

[REG 5.15.1 -> 5.15.2] firstPartyUrl for cookie filter has subdomains stripped

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • P1: Critical
    • 5.15.4
    • 5.15.2
    • WebEngine
    • None
    • b5834447f319a43d1bf143c9d2d96d6fcb6dbea9 (qt/qtwebengine/5.15)

    Description

      Starting with Qt 5.15.2, the firstPartyUrl in QWebEngineCookieStore::FilterRequest looks like https://example.com/, even if the cookie is actually set on e.g. https://www.example.com/.

      This can be seen by patching simplebrowser to log those URLs, by adding this in main:

      QWebEngineProfile::defaultProfile()->cookieStore()->setCookieFilter([](auto request) {
    qDebug() << request.firstPartyUrl;
    return true;
});

      And then e.g. visiting mouser.com. With Qt 5.15.1, the URLs logged are https://eu.mouser.com/ and https://www.mouser.com/, while with Qt 5.15.2 they all are https://mouser.com/.

      I'm not sure if this was a deliberate change or a bug - but if deliberate, it seems like quite a breaking change for a patch release. Note that there's a privacy impact as well, as this could lead to cookies being blocked by the user to be accepted again (as the filter isn't working as intended).

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            pvarga Peter Varga
            the compiler Florian Bruhin
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes