diff --git a/src/network/access/qhsts.cpp b/src/network/access/qhsts.cpp index 39905f3548..82deede172 100644 --- a/src/network/access/qhsts.cpp +++ b/src/network/access/qhsts.cpp @@ -327,8 +327,8 @@ quoted-pair = "\" CHAR bool QHstsHeaderParser::parse(const QList> &headers) { for (const auto &h : headers) { - // We use '==' since header name was already 'trimmed' for us: - if (h.first == "Strict-Transport-Security") { + // We compare directly because header name was already 'trimmed' for us: + if (h.first.compare("Strict-Transport-Security", Qt::CaseInsensitive) == 0) { header = h.second; // RFC6797, 8.1: // diff --git a/tests/auto/network/access/hsts/tst_qhsts.cpp b/tests/auto/network/access/hsts/tst_qhsts.cpp index 252f5e8f57..97a2d2889e 100644 --- a/tests/auto/network/access/hsts/tst_qhsts.cpp +++ b/tests/auto/network/access/hsts/tst_qhsts.cpp @@ -216,6 +216,12 @@ void tst_QHsts::testSTSHeaderParser() QVERIFY(parser.expirationDate() > QDateTime::currentDateTimeUtc()); QVERIFY(parser.includeSubDomains()); + list.pop_back(); + list << Header("strict-transport-security", "includeSubDomains;max-age=1000"); + QVERIFY(parser.parse(list)); + QVERIFY(parser.expirationDate() > QDateTime::currentDateTimeUtc()); + QVERIFY(parser.includeSubDomains()); + list.pop_back(); // Invalid (includeSubDomains twice): list << Header("Strict-Transport-Security", "max-age = 1000 ; includeSubDomains;includeSubDomains");