Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-52040

When a cookie header does not have a domain set then it falls back to the host but this can cause a problem when being validated

    XMLWordPrintable

    Details

    • Commits:
      51e14787d5c31a6397dbc43a134397f9bec8c6b3

      Description

      When a cookie header does not have a domain set then it falls back to the host but this can cause a problem when being validated. For example in the following cookie header case:

      HTTP/1.1 200 OK
      *Set-Cookie: Genero-SID=7a429c67a722aa98ea5191fe0812acd6; Path=/; HttpOnly *
      Server: GAS/3.00.10-150029(__l32xl212)
      Content-Type: text/plain
      Cache-Control: no-cache
      Expires: -1
      Pragma: no-cache
      Transfer-Encoding: chunked
      

      Then if this "Genero-SID" cookie is sent from a server on host "support" or "foo" without specifying whole name in the url, like http://support:80/some_url (and NOT http://support.com:80/some_url) Then the cookie will not be validated correctly, even though it should be based on the standard in this case.

        Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

            Assignee:
            manordheim MÃ¥rten Nordheim
            Reporter:
            andysh Andy Shaw
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Gerrit Reviews

                There are no open Gerrit changes