[Webkit-unassigned] [Bug 37090] New: Secure Cookies should only be sent over secure connections.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Apr 5 08:51:38 PDT 2010


           Summary: Secure Cookies should only be sent over secure
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: All
            Status: NEW
          Keywords: Qt
          Severity: Normal
          Priority: P2
         Component: WebKit Qt
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: robert at webkit.org

Created an attachment (id=52537)
 --> (https://bugs.webkit.org/attachment.cgi?id=52537)
Qt Patch

QtWebKit currently fails the following test:


This is because QNetworkCookieJar::cookiesForUrl returns secure
cookies even when the connection is not secure.

A 'secure' cookie is set by response headers from a http server as follows:

'Set-Cookie: cookie-name=value; secure'

Correct QNetworkCookieJar::cookiesForUrl to ignore secure cookies when the
url in the request is not 'https://'.

Patch posted at:

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list