Bug 37090 - [Qt] Secure Cookies should only be sent over secure connections.
Summary: [Qt] Secure Cookies should only be sent over secure connections.
Status: CLOSED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Qt (show other bugs)
Version: 528+ (Nightly build)
Hardware: PC All
: P2 Normal
Assignee: Robert Hogan
URL:
Keywords: Qt
Depends on:
Blocks:
 
Reported: 2010-04-05 08:51 PDT by Robert Hogan
Modified: 2010-05-09 02:23 PDT (History)
1 user (show)

See Also:

Attachments
Qt Patch (1.80 KB, patch)
2010-04-05 08:51 PDT, Robert Hogan 		no flags Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Hogan 2010-04-05 08:51:38 PDT 
Created attachment 52537 [details]
Qt Patch

QtWebKit currently fails the following test:

LayoutTests/http/tests/xmlhttprequest/cookies.html

This is because QNetworkCookieJar::cookiesForUrl returns secure
cookies even when the connection is not secure.

A 'secure' cookie is set by response headers from a http server as follows:

'Set-Cookie: cookie-name=value; secure'

Correct QNetworkCookieJar::cookiesForUrl to ignore secure cookies when the
url in the request is not 'https://'.

Patch posted at:
http://bugreports.qt.nokia.com/browse/QTBUG-9618
Comment 1 Robert Hogan 2010-05-09 02:23:20 PDT 
Fix in Qt merged: http://gitorious.org/qt/qt/merge_requests/2372

Test will be unskipped when bot upgrades to 4.7