Details
-
Bug
-
Resolution: Done
-
P2: Important
-
5.12.4, 5.13.1
-
None
-
6cee284001adf9da42b347a074cbff3cb92621b2 (qt/qtbase/5.14)
Description
Example code:
QNetworkCookieJar jar; QNetworkCookie cookie("abc", "test"); cookie.setDomain(".ck"); jar.insertCookie(cookie); qDebug() << jar.cookiesForUrl(QUrl("http://test.ck"));
Expected output is an empty list since test.ck is public suffix domain according to Public Suffix List so we should not have an ability of setting cookie to it.
Real output:
(QNetworkCookie("abc=test; domain=.ck"))
After investigating into this issue I found out that the problem is that qIsEffectiveTLD() from corelib/io/qtldurl.cpp returns false for domains listed as wildcards in public suffix list, such as:
*.ck *.webhare.dev *.compute.estate
and others.
For example:
qIsEffectiveTLD("ck") = false
While widely-used libraries for handling TLDs such as libpsl and libsoup treat such domains as public suffix:
soup_tld_domain_is_public_suffix("ck") = true
Attachments
For Gerrit Dashboard: QTBUG-78097 | ||||||
---|---|---|---|---|---|---|
# | Subject | Branch | Project | Status | CR | V |
273108,6 | Fix qIsEffectiveTLD() behavior for wildcard-listed TLDs | 5.13 | qt/qtbase | Status: NEW | -2 | 0 |