QNetworkCookie: Add the dot prefix of the domain while adding to the jar

instead than when parsing the cookie header.

This corrects the bug QT-2379, happening in the following sequence:
parseCookie -> setCookieUrl -> toRawForm -> parseCookie
where a default domain would now also have a dot prefix, and shouldn't.
QT-2379

Reviewed-by: Peter Hartmann

1 files changed, 7 insertions, 0 deletions

diff --git a/src/network/access/qnetworkcookiejar.cpp b/src/network/access/qnetworkcookiejar.cpp
index 8430966f6f..19f7217fd7 100644
--- a/src/network/access/qnetworkcookiejar.cpp
+++ b/src/network/access/qnetworkcookiejar.cpp
@@ -198,6 +198,13 @@ bool QNetworkCookieJar::setCookiesFromUrl(const QList<QNetworkCookie> &cookieLis
         if (cookie.domain().isEmpty()) {
             cookie.setDomain(defaultDomain);
         } else {
+            // Ensure the domain starts with a dot if its field was not empty
+            // in the HTTP header. There are some servers that forget the
+            // leading dot and this is actually forbidden according to RFC 2109,
+            // but all browsers accept it anyway so we do that as well.
+            if (!cookie.domain().startsWith(QLatin1Char('.')))
+                cookie.setDomain(QLatin1Char('.') + cookie.domain());
+
             QString domain = cookie.domain();
             if (!(isParentDomain(domain, defaultDomain)
                 || isParentDomain(defaultDomain, domain))) {