[Webkit-unassigned] [Bug 37090] New: Secure Cookies should only be sent over secure connections.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Apr 5 08:51:38 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=37090
Summary: Secure Cookies should only be sent over secure
connections.
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: All
Status: NEW
Keywords: Qt
Severity: Normal
Priority: P2
Component: WebKit Qt
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: robert at webkit.org
Created an attachment (id=52537)
--> (https://bugs.webkit.org/attachment.cgi?id=52537)
Qt Patch
QtWebKit currently fails the following test:
LayoutTests/http/tests/xmlhttprequest/cookies.html
This is because QNetworkCookieJar::cookiesForUrl returns secure
cookies even when the connection is not secure.
A 'secure' cookie is set by response headers from a http server as follows:
'Set-Cookie: cookie-name=value; secure'
Correct QNetworkCookieJar::cookiesForUrl to ignore secure cookies when the
url in the request is not 'https://'.
Patch posted at:
http://bugreports.qt.nokia.com/browse/QTBUG-9618
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list