[Webkit-unassigned] [Bug 37090] New: Secure Cookies should only be sent over secure connections.

Mon Apr 5 08:51:38 PDT 2010

https://bugs.webkit.org/show_bug.cgi?id=37090

           Summary: Secure Cookies should only be sent over secure
                    connections.
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: All
            Status: NEW
          Keywords: Qt
          Severity: Normal
          Priority: P2
         Component: WebKit Qt
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: robert at webkit.org

Created an attachment (id=52537)
 --> (https://bugs.webkit.org/attachment.cgi?id=52537)
Qt Patch

QtWebKit currently fails the following test:

LayoutTests/http/tests/xmlhttprequest/cookies.html

This is because QNetworkCookieJar::cookiesForUrl returns secure
cookies even when the connection is not secure.

A 'secure' cookie is set by response headers from a http server as follows:

'Set-Cookie: cookie-name=value; secure'

Correct QNetworkCookieJar::cookiesForUrl to ignore secure cookies when the
url in the request is not 'https://'.

Patch posted at:
http://bugreports.qt.nokia.com/browse/QTBUG-9618

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.