The path wouldn't match if the cookie's path was root ('/') and the
URLs path was empty.
Change-Id: I6dcd10f1fdf4f48f14e50f1b169cbdfda7005849
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
All POST requests that were redirected would previously turn into GET
requests. This does not follow the standard for HTTP codes 307 and 308.
Task-number: QTBUG-63142
Change-Id: Ibd25a9566066e589670a9bc34e5dc5111f8139d5
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
In some cases when a session isn't needed (i.e. for localhost), the
session is not opened at all. If a program (e.g. our tests) redirects
from localhost to a different system (e.g. the qt network test
servers, or the internet) it will wait for a session forever. So, we
need to check if a session is needed for the redirect-target and then
open one. It is usually opened in
QNetworkReplyHttpImplPrivate::_q_startOperation
Change-Id: Id3b78182a3fb3f63f0235ecb1fb665df8bd0c4ca
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
We already cleared 'cookedHeaders', which is a QHash for 'known headers'
(enumerators as keys instead of strings), now do the same for 'rawHeaders'-
not to end up with some weird mix of headers from all possible redirect
responses and the final response.
Task-number: QTBUG-61300
Change-Id: Ifd6655c4167840bb00d29446d36ce65ba2d5491a
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
A few tests would QSKIP depending on the inclusion of SSL, producing
multiple lines of noise in the output.
And one test used https in one of its configurations without checking to
see if it could, causing an UnknownProtocolError.
Change-Id: I5f54bf1005f962cc027c099b816fbe245dc43d3f
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
We were using the default ones, provided by RFC7540. It appears they are way
too restrictive and conservative: when downloading something relatively big,
a stream keeps spending the whole session/its own 'recv' windows and thus
we have to constantly send WINDOW_UPDATE frames. This significantly slows
down our HTTP/2 implementation, making it orders of magnitude slower than
HTTP/1.1. To fix this:
- We send SETTINGS_INITIAL_WINDOW_SIZE in the first SETTINGS frame
to inform our peer that per-stream WINDOW is bigger than 64Kb
- We increase the session's receive window size.
Task-number: QTBUG-63722
Change-Id: I31312fcfd5f0fc0aee6aaa5d3562cc7d1b931adc
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
308 Permanent Redirect was introduced after redirection support was
initially added to Qt.
[ChangeLog][QtNetwork][QNetworkAccessManager] Added support for HTTP status 308.
Task-number: QTBUG-63075
Change-Id: I1c6cda331d776237113ef8854de9abfe7e41ed3e
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Remaining uses of Q_NULLPTR are in:
src/corelib/global/qcompilerdetection.h
(definition and documentation of Q_NULLPTR)
tests/manual/qcursor/qcursorhighdpi/main.cpp
(a test executable compilable both under Qt4 and Qt5)
Change-Id: If6b074d91486e9b784138f4514f5c6d072acda9a
Reviewed-by: Ville Voutilainen <ville.voutilainen@qt.io>
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
Remaining uses of Q_DECL_OVERRIDE are in:
src/corelib/global/qcompilerdetection.h
src/corelib/global/qglobal.cpp
doc/global/qt-cpp-defines.qdocconf
(definition and documentation of Q_DECL_OVERRIDE)
tests/manual/qcursor/qcursorhighdpi/main.cpp
(a test executable compilable both under Qt4 and Qt5)
Change-Id: Ib9b05d829add69e98a86238274b6a1fcb19b49ba
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Ville Voutilainen <ville.voutilainen@qt.io>
Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
The issue itself is not really worth fixing (the very first request
being supposed to have a different proxy than any of the other
following requests before a session has been initiated), but we can
at least make the test pass when it is run alone.
Task-number: QTBUG-63134
Change-Id: I6c7df5c5653541031811e6bff562572061afae0f
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
The sources were already added conditionally in the project file since
179fe5981f.
Change-Id: I0baaec2e772f3e596d311c1973b9745aa2b80423
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@qt.io>
Teach our MiniHttpServer to better handle POST and PUT requests:
read the POST/PUT data too (not headers only), before replying
and flushing. The original comment says MiniHttpServer does
not support POST/PUT requests, it's not true anymore - we can
handle them (perhaps the simplest/shortest ones).
Task-number: QTBUG-62844
Change-Id: I80260f8ede1bb1b0b9d6042ecd59558bb7e9a998
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Without TLS (and thus ALPN/NPN negotiation) HTTP/2 requires
a protocol upgrade procedure, as described in RFC 7540, 3.2.
We start as HTTP/1.1 (and thus we create QHttpProtocolHandler first),
augmenting the headers we send with 'Upgrade: h2c'. In case
we receive HTTP/1.1 response with status code 101 ('Switching
Protocols'), we continue as HTTP/2 session, creating QHttp2ProtocolHandler
and pretending the first request we sent was HTTP/2 request
on a real HTTP/2 stream. If the first response is something different
from 101, we continue as HTTP/1.1. This change also required
auto-test update: our toy-server now has to respond to
the initial HTTP/1.1 request on a platform without ALPN/NPN.
As a bonus a subtle flakyness in 'goaway' auto-test went
away (well, it was fixed).
[ChangeLog][QtNetwork][HTTP/2] In case of clear text HTTP/2 we
now initiate a required protocol upgrade procedure instead of
'H2Direct' connection.
Task-number: QTBUG-61397
Change-Id: I573fa304fdaf661490159037dc47775d97c8ea5b
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
That means a file is never created, unless you ask for the name. There's
no chance of left-over temporary files being left behind. QSaveFile also
benefits from this, since the save file is not present on disk until
commit(). Unfortunately, QSaveFile must go through a temporary name
because linkat(2) cannot overwrite -- we need rename(2) for that (for
now).
[ChangeLog][Important Behavior Changes][QTemporaryFile] On Linux,
QTemporaryFile will attempt to create unnamed temporary files. If that
succeeds, open() will return true but exists() will be false. If you
call fileName() or any function that calls it, QTemporaryFile will give
the file a name, so most applications will not see a difference.
Change-Id: I1eba2b016de74620bfc8fffd14cc843e5b0919d0
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
Conflicts:
src/widgets/kernel/qwidget.cpp
This merge also extends the expected output of the pairdiagnostics
teamcity output (added in dev in commit
c608ffc56a) after the recent addition of
the flowId attribute to the teamcity output (commit
8f03656211 in 5.9).
Change-Id: I3868166e5efc45538544fffd14d8aba438f9173c
The test verifies that a cookie with a date in the future is not
"expired" and will be sent to the server. This test started failing
on August 7th 2017 when the test case "0003" with it's cookie expiring
August 7th 2017 started ... expiring ;-)
Bumped all suspicious cookie test cases by a hundred years.
Change-Id: I7c09069ec4999e2ea0aae7b2a2819cced0fd6a99
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@qt.io>
The store is using QSettings under the hood. A user can enable/disable
storing HSTS policies (via QNAM's setter method) and we take care of
the rest - filling QHstsCache from the store, writing updated/observed
targets, removing expired policies.
Change-Id: I26e4a98761ddfe5005fedd18be56a6303fe7b35a
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
This is the result of running the (experimental) clang-tidy check
qt-modernize-qsharedpointer-create
Discarded changes:
- tst_qsharedpointer.cpp: not sure we want these replacements there
(→ separate change)
- tst_collations.cpp: hit in a template specialization that is
instantiated with both QSharedPointer and QSharedDataPointer.
Change-Id: I203c2646e91d026735d923473af3d151d19e3820
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
tst_qvariant.cpp(80): warning C4309: 'initializing': truncation of constant value
tst_qvariant.cpp(4635): warning C4309: 'initializing': truncation of constant value
tst_qbytearray.cpp(1438): warning C4267: 'argument': conversion from 'size_t' to 'uint', possible loss of data
tst_qbytearray.cpp(1440): warning C4267: 'argument': conversion from 'size_t' to 'uint', possible loss of data
http2srv.cpp(64): warning C4018: '<=': signed/unsigned mismatch
tst_qinputdialog.cpp(352): warning C4804: '<=': unsafe use of type 'bool' in operation
Change-Id: Id012d88b7b20c5c9f128f2ef53753cc1d479f358
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
If QEMU is provided sysroot with QEMU_LD_PREFIX, it opens files from there. If their
owner is the current user, testing their access rights based on assumption that they
are root fails. Skip the tests in that case similarly as is already done when the
tests are run as root.
This fixes following tests:
- tst_QTemporaryDir::nonWritableCurrentDir
- tst_QNetworkReply::getErrors(file-permissions)
- tst_qstandardpaths::testCustomRuntimeDirectory
Task-number: QTBUG-59966
Change-Id: I972ce37b4b5a7747cdd732a8e4a737ef09cbc6a5
Reviewed-by: Teemu Holappa <teemu.holappa@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Previously we were always setting SpdyWasUsedAttribute for SPDY/HTTP/2/HTTP/1.1
(true/false) which is confusing. Now if HTTP2AllowedAttribute was set to true on
a request, we set HTTP2WasUsedAttribute. Otherwise, as we did before, we're setting
SpdyWasUsedAttribute.
Change-Id: I0c44cfb5469fef0c12719baa951197ee2accee4a
Reviewed-by: Markus Goetz (Woboq GmbH) <markus@woboq.com>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
It's a Qt 3 compatibility vehicle, and as such inherits the now-alien
property to distinguish empty and null strings. Particularly worrisome
is the following asymmetry:
QString("") == QString::null // false
QString("") == QString(QString::null) // true
Instead of fixing this behavior, recognize that people might use it as
a weird way to call isNull(), albeit one that once was idiomatic, and
simply deprecate everything that deals with QString::null.
[ChangeLog][QtCore][QString] QString::null is now deprecated. When
used to construct a QString, use QString() instead. When used to
compare to a QString, replace with QString::isNull().
Change-Id: I9f7e84a92522c75666da15f49324c500ae93af42
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Anton Kudryavtsev <antkudr@mail.ru>
Replace all QT_NO_PROCESS with QT_CONFIG(process), define it in
qconfig-bootstrapped.h, add QT_REQUIRE_CONFIG(process) to the qprocess
headers, exclude the sources from compilation when switched off, guard
header inclusions in places where compilation without QProcess seems
supported, drop some unused includes, and fix some tests that were
apparently designed to work with QT_NO_PROCESS but failed to.
Change-Id: Ieceea2504dea6fdf43b81c7c6b65c547b01b9714
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@qt.io>
After it started to fail (somehow it's only OpenSUSE 42.1) again and again
and after a quick re-evaluation it appears the logic testing SETTINGS|ACK
is incorrect. We (client side) start by sending the preface and then
continue to send our request(s). The other side (server) starts from sending its
SETTINGS frame. These settings must be ACKed, but apparently it can happen,
that server receives a requests and sends a reply before it receives SETTINGS|ACK,
resulting in replyFinished (replyFinishedWithError) signal and event loop stopping.
As a result - QVERIFY(serverGotSettingsACK) fails.
Task-number: QTBUG-58758
Change-Id: I8184cf459b2b88f70c646171e0115c184237fad1
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
HTTP Strict Transport Security (HSTS) is a web security policy that
allows a web server to declare that user agents should only interact
with it using secure HTTPS connections. HSTS is described by RFC6797.
This patch introduces a new API in Network Access Manager to enable
this policy or disable it (default - STS is disabled).
We also implement QHstsCache which caches known HTTS hosts, does
host name lookup and domain name matching; QHstsHeaderParser to
parse HSTS headers with HSTS policies.
A new autotest added to test the caching, host name matching
and headers parsing.
[ChangeLog][QtNetwork] Added HTTP Strict Transport Security to QNAM
Task-number: QTPM-238
Change-Id: Iabb5920344bf204a0d3036284f0d60675c29315c
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
With this new policy, after emitting 'redirected', QNetworkReplyHttpImpl
waits for client code to decide if QNAM should follow this redirect or
not. The client can either allow this redirect by emitting 'redirectAllowed'
or abort the reply.
Task-number: QTPM-236
Change-Id: Ia04619f6bd1f0caa477833ae859b24033027b2e1
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
This patch makes it possible to enable/disable redirects on QNAM
level (before it was per-request only). This policy would be applied
to all subsequent requests* created by QNAM.
The policies we support at the moment:
a. Manual - that's what we always had - it's up to a user to handle
redirects.
b. NoLessSafeRedirectsPolicy - we allow http->http, http->https and
https->https redirects, but no protocol 'downgrade' (no
https->http redirects).
c. SameOriginPolicy - we check that protocol/host/port are
the same.
Updated tst_qnetworkreply.
*We previously were enabling redirect for each request, by
setting FollowRedirectsAttribute on QNetworkRequest object.
For backward compatibility this attribute has a higher priority
(if set) than QNAM's policy (and it will work as NoLessSafeRedirectsPolicy).
[ChangeLog][QtNetwork] Added redirects policy to QNAM
Task-number: QTPM-239
Task-number: QTPM-237
Change-Id: I493d1728254b71b61b5504937e8e01dca5953527
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Sometimes it is desirable to use a new connection but keep already
entered user credentials for usability reasons. This is now possible by
clearing the connection cache (but keeping the authentication cache).
Change-Id: I2f5f64836ce19f81c8525701783a3da823dd468e
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
- Fix the case when we erroneously handled stream ID == 0 in a GOAWAY frame as
an invalid stream ID.
- _q_receivedReply: convert do{}while() loop into to while(){} to prevent
it from handling any frames after GOAWAY frame received and all active frame
finished.
- sendRequest - if we received GOAWAY, also clear spdyRequests in the connection
channel, otherwise it keeps re-trying to send requests!
- Http network connection channel never resets a protocolHandler in _q_encrypted/
_q_connected, which is BAD for HTTP/2, since HTTP/2 has unique per-connection
compression context and must be reset - now we recreate the protocol handler in
_q_encrypted or _q_connected (https/http).
- Update autotest.
Task-number: QTBUG-57600
Change-Id: Ib864ce52287bab23334ff43a83ba4b0b7cb52c60
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
... after a member-function declaration: this would be a compilation error
anywhere outside of a class-definition, allowed as 'opt' inside a class-definition
and essentially not needed at all (and is already different from other
member-functions we have in the same code).
Change-Id: Ia689a41bf2a1052cd19eb8fb4766ed9635c20c88
Reviewed-by: Jesus Fernandez <jesus.fernandez@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Consistent with other Unix platforms, and internally consistent between tests,
as a lot of tests were already applying CONFIG -= app_bundle manually.
Change-Id: Icd2b7e1c08015b26137af60ff82fddbc753f0ff4
Reviewed-by: Jake Petroules <jake.petroules@qt.io>
HTTP/2 allows a server to pre-emptively send (or "push") responses (along
with corresponding "promised" requests) to a client in association with a
previous client-initiated request. This can be useful when the server
knows the client will need to have those responses available in order
to fully process the response to the original request.
Server push is semantically equivalent to a server responding to a request;
however, in this case, that request is also sent by the server, as a
PUSH_PROMISE frame.
The PUSH_PROMISE frame includes a header block that contains a complete set
of request header fields that the server attributes to the request.
After sending the PUSH_PROMISE frame, the server can begin delivering the
pushed response as a response on a server-initiated stream that uses the
promised stream identifier.
This patch:
- fixes the HPACK decompression of PUSH_PROMISE frames;
- allows a user to enable PUSH_PROMISE;
- processes and caches pushed data for promised streams;
- updates auto-test - emulates a simple PUSH_PROMISE
scenario.
Change-Id: Ic4850863a5e3895320baac3871a723fc091b4aca
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
There are more than 1000 new entries since the table has been
generated the last time. The autotest needs to be tweaked
because the rules for the .mz domains have changed; use the
.ck domain instead.
Change-Id: Ife692afd46ac41a66604e966e5e8cb57c7aa649c
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
