Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-78097

Wrong QNetworkCookieJar::cookiesForUrl() behavior for public-suffix TLDs

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • P2: Important
    • 5.14.0 Alpha
    • 5.12.4, 5.13.1
    • Network: HTTP
    • None
    • 6cee284001adf9da42b347a074cbff3cb92621b2 (qt/qtbase/5.14)

    Description

      Example code:

      QNetworkCookieJar jar;
      QNetworkCookie cookie("abc", "test");
      cookie.setDomain(".ck");
      jar.insertCookie(cookie);
      
      qDebug() << jar.cookiesForUrl(QUrl("http://test.ck"));
      

      Expected output is an empty list since test.ck is public suffix domain according to Public Suffix List so we should not have an ability of setting cookie to it.

      Real output:

      (QNetworkCookie("abc=test; domain=.ck"))
      

      After investigating into this issue I found out that the problem is that qIsEffectiveTLD() from corelib/io/qtldurl.cpp returns false for domains listed as wildcards in public suffix list, such as:

      *.ck
      *.webhare.dev
      *.compute.estate
      

      and others.

      For example:

      qIsEffectiveTLD("ck") = false
      

      While widely-used libraries for handling TLDs such as libpsl and libsoup treat such domains as public suffix:

      soup_tld_domain_is_public_suffix("ck") = true
      

      Attachments

        For Gerrit Dashboard: QTBUG-78097
        # Subject Branch Project Status CR V

        Activity

          People

            polter.rnd polter.rnd
            polter.rnd polter.rnd
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There is 1 open Gerrit change