Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-9618

HTTP: Secure Cookies Should only be sent on secure connections

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • P2: Important
    • 4.7.0
    • 4.6.2
    • Network
    • None
    • 483fdd017d9998c6d7f4a035ca615e15fbc97e6a

    Description

      Secure Cookies should only be sent over secure connections.

      QtWebKit currently fails the following test:

      LayoutTests/http/tests/xmlhttprequest/cookies.html

      This is because QNetworkCookieJar::cookiesForUrl returns secure
      cookies even when the connection is not secure.

      A 'secure' cookie is set by response headers from a http server as follows:

      'Set-Cookie: cookie-name=value; secure'

      Correct QNetworkCookieJar::cookiesForUrl to ignore secure cookies when the
      url in the request is not 'https://'.

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            phartman Peter Hartmann (closed Nokia identity) (Inactive)
            robert@roberthogan.net Robert Hogan
            Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes