Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-90231

[REG 5.15.1 -> 5.15.2] firstPartyUrl for cookie filter has subdomains stripped

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: P1: Critical P1: Critical
    • 5.15.4
    • 5.15.2
    • WebEngine
    • None
    • b5834447f319a43d1bf143c9d2d96d6fcb6dbea9 (qt/qtwebengine/5.15)

      Starting with Qt 5.15.2, the firstPartyUrl in QWebEngineCookieStore::FilterRequest looks like https://example.com/, even if the cookie is actually set on e.g. https://www.example.com/.

      This can be seen by patching simplebrowser to log those URLs, by adding this in main:

      QWebEngineProfile::defaultProfile()->cookieStore()->setCookieFilter([](auto request) {
    qDebug() << request.firstPartyUrl;
    return true;
});

      And then e.g. visiting mouser.com. With Qt 5.15.1, the URLs logged are https://eu.mouser.com/ and https://www.mouser.com/, while with Qt 5.15.2 they all are https://mouser.com/.

      I'm not sure if this was a deliberate change or a bug - but if deliberate, it seems like quite a breaking change for a patch release. Note that there's a privacy impact as well, as this could lead to cookies being blocked by the user to be accepted again (as the filter isn't working as intended).

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            pvarga Peter Varga
            the compiler Florian Bruhin
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved:

                There are no open Gerrit changes