On 05/09/2013 04:54 PM, Thiago Macieira wrote: > On quinta-feira, 9 de maio de 2013 16.44.10, Justin Karneges wrote: >> Hi people, >> >> I discussed this feature with Shane and went ahead and made a patch. >> >> The idea is to be able to explicitly specify a TCP host/port target for >> an HTTP request, while leaving everything else alone. The HTTP Host >> header, TLS certificate validation, and TLS server name indication would >> all go against the host from the URL. >> >> I personally need this feature so I can enforce IP address restrictions >> on HTTP requests. My application resolves the host from the URL in >> advance, and if the IP address is allowed then I use it as the connect >> host when the request is made. Currently, I'm making this work in my >> application by rewriting the URL to contain the IP address and then >> overriding the HTTP Host header with the original host. Unfortunately, >> that approach doesn't work for https URLs. My patch makes things cleaner >> and works with https. >> >> The feature could also be useful in testing environments. And in >> general, manual connect host overrides are handy to have in protocol >> network libs just in case. > > Hi Justin > > I understand the feature would be useful in certain conditions, but I'm not > sure yours is one of them. You can probably just easily override the > QNetworkAccessManager class and do the IP address verification. If it fails, > return a QNetworkReply that indicates the error condition. If it passes, > proceed with the actual QNetworkAccessManager call.
Hi Thiago, You're saying to validate the IP address, and if that succeeds then request the original URL? This would work most of the time, but it is not airtight. The domain could end up resolving somewhere else after the check succeeds. > Anyway, for various reasons we can't look at your patch when sent to the > mailing list (if we did, we would not be able to implement it later > ourselves). So please upload it to Gerrit and we can have the discussion > there. Will do. Justin _______________________________________________ Development mailing list Development@qt-project.org http://lists.qt-project.org/mailman/listinfo/development
