Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-78097

Wrong QNetworkCookieJar::cookiesForUrl() behavior for public-suffix TLDs

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: P2: Important P2: Important
    • 5.14.0 Alpha
    • 5.12.4, 5.13.1
    • Network: HTTP
    • None
    • 6cee284001adf9da42b347a074cbff3cb92621b2 (qt/qtbase/5.14)

      Example code:

      QNetworkCookieJar jar;
      QNetworkCookie cookie("abc", "test");
      cookie.setDomain(".ck");
      jar.insertCookie(cookie);
      
      qDebug() << jar.cookiesForUrl(QUrl("http://test.ck"));
      

      Expected output is an empty list since test.ck is public suffix domain according to Public Suffix List so we should not have an ability of setting cookie to it.

      Real output:

      (QNetworkCookie("abc=test; domain=.ck"))
      

      After investigating into this issue I found out that the problem is that qIsEffectiveTLD() from corelib/io/qtldurl.cpp returns false for domains listed as wildcards in public suffix list, such as:

      *.ck
      *.webhare.dev
      *.compute.estate
      

      and others.

      For example:

      qIsEffectiveTLD("ck") = false
      

      While widely-used libraries for handling TLDs such as libpsl and libsoup treat such domains as public suffix:

      soup_tld_domain_is_public_suffix("ck") = true
      

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            polter.rnd polter.rnd
            polter.rnd polter.rnd
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved:

                There is 1 open Gerrit change