Commit ad2679b8 authored by hausmann@webkit.org's avatar hausmann@webkit.org
Browse files

[Qt] Remove the Referer header when redirecting to a non-secure site

https://bugs.webkit.org/show_bug.cgi?id=31785

Patch by Jakub Wieczorek <faw217@gmail.com> on 2009-11-22
Reviewed by Adam Barth.

This makes Qt pass two tests introduced in r50226.

WebCore:

* platform/network/qt/QNetworkReplyHandler.cpp:
(WebCore::QNetworkReplyHandler::sendResponseIfNeeded):

LayoutTests:

* platform/qt/Skipped:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@51387 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 3e70d975
2009-11-22 Jakub Wieczorek <faw217@gmail.com>
Reviewed by Adam Barth.
[Qt] Remove the Referer header when redirecting to a non-secure site
https://bugs.webkit.org/show_bug.cgi?id=31785
This makes Qt pass two tests introduced in r50226.
* platform/qt/Skipped:
2009-11-24 Chris Marrin <cmarrin@apple.com>
 
Reviewed by Simon Fraser.
......@@ -42,10 +42,6 @@ http/tests/wml
# Failing URL test
http/tests/uri/escaped-entity.html
# Failing HTTP SSL tests
http/tests/ssl/referer-301.html
http/tests/ssl/referer-303.html
# Failing HTTP Loading tests
http/tests/loading/bad-server-subframe.html
http/tests/loading/bad-scheme-subframe.html
......
2009-11-22 Jakub Wieczorek <faw217@gmail.com>
Reviewed by Adam Barth.
[Qt] Remove the Referer header when redirecting to a non-secure site
https://bugs.webkit.org/show_bug.cgi?id=31785
This makes Qt pass two tests introduced in r50226.
* platform/network/qt/QNetworkReplyHandler.cpp:
(WebCore::QNetworkReplyHandler::sendResponseIfNeeded):
2009-11-25 Andrei Popescu <andreip@google.com>
 
Reviewed by Dimitri Glazkov.
......@@ -323,6 +323,10 @@ void QNetworkReplyHandler::sendResponseIfNeeded()
newRequest.setHTTPMethod("GET");
}
// Should not set Referer after a redirect from a secure resource to non-secure one.
if (!newRequest.url().protocolIs("https") && protocolIs(newRequest.httpReferrer(), "https"))
newRequest.clearHTTPReferrer();
client->willSendRequest(m_resourceHandle, newRequest, response);
m_redirected = true;
m_request = newRequest.toNetworkRequest(m_resourceHandle->getInternal()->m_frame);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment