48 строки
2.1 KiB
Diff
48 строки
2.1 KiB
Diff
|
From 1b736a815be0222f4b24289cf17575fc15707305 Mon Sep 17 00:00:00 2001
|
||
|
From: Mårten Nordheim <marten.nordheim@qt.io>
|
||
|
Date: Fri, 05 May 2023 11:07:26 +0200
|
||
|
Subject: [PATCH] Hsts: match header names case insensitively
|
||
|
|
||
|
Header field names are always considered to be case-insensitive.
|
||
|
|
||
|
Pick-to: 6.5 6.5.1 6.2 5.15
|
||
|
Fixes: QTBUG-113392
|
||
|
Change-Id: Ifb4def4bb7f2ac070416cdc76581a769f1e52b43
|
||
|
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
|
||
|
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
||
|
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|
||
|
---
|
||
|
|
||
|
diff --git a/./src/network/access/qhsts.cpp b/../qtbase-new/src/network/access/qhsts.cpp
|
||
|
index ce70b6a..68f406d 100644
|
||
|
--- a/./src/network/access/qhsts.cpp
|
||
|
+++ b/../qtbase-new/src/network/access/qhsts.cpp
|
||
|
@@ -364,8 +364,8 @@ quoted-pair = "\" CHAR
|
||
|
bool QHstsHeaderParser::parse(const QList<QPair<QByteArray, QByteArray>> &headers)
|
||
|
{
|
||
|
for (const auto &h : headers) {
|
||
|
- // We use '==' since header name was already 'trimmed' for us:
|
||
|
- if (h.first == "Strict-Transport-Security") {
|
||
|
+ // We compare directly because header name was already 'trimmed' for us:
|
||
|
+ if (h.first.compare("Strict-Transport-Security", Qt::CaseInsensitive) == 0) {
|
||
|
header = h.second;
|
||
|
// RFC6797, 8.1:
|
||
|
//
|
||
|
diff --git a/tests/auto/network/access/hsts/tst_qhsts.cpp b/tests/auto/network/access/hsts/tst_qhsts.cpp
|
||
|
index d72991a..c3c5f58 100644
|
||
|
--- a/tests/auto/network/access/hsts/tst_qhsts.cpp
|
||
|
+++ b/tests/auto/network/access/hsts/tst_qhsts.cpp
|
||
|
@@ -241,6 +241,12 @@ void tst_QHsts::testSTSHeaderParser()
|
||
|
QVERIFY(parser.expirationDate() > QDateTime::currentDateTimeUtc());
|
||
|
QVERIFY(parser.includeSubDomains());
|
||
|
|
||
|
+ list.pop_back();
|
||
|
+ list << Header("strict-transport-security", "includeSubDomains;max-age=1000");
|
||
|
+ QVERIFY(parser.parse(list));
|
||
|
+ QVERIFY(parser.expirationDate() > QDateTime::currentDateTimeUtc());
|
||
|
+ QVERIFY(parser.includeSubDomains());
|
||
|
+
|
||
|
list.pop_back();
|
||
|
// Invalid (includeSubDomains twice):
|
||
|
list << Header("Strict-Transport-Security", "max-age = 1000 ; includeSubDomains;includeSubDomains");
|