From 8cd1d43798b8e510c71cb7fab95a19e3ca6238fd Mon Sep 17 00:00:00 2001
From: Markus Goetz <markus@woboq.com>
Date: Mon, 11 Aug 2014 15:40:12 +0200
Subject: [PATCH] TokenCredentials: Don't overwrite Cookie header

If the request already had a cookie header, there was a reason for it.
Don't blindly overwrite it.
---
 src/creds/tokencredentials.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/creds/tokencredentials.cpp b/src/creds/tokencredentials.cpp
index 7e9a56238..613dbd808 100644
--- a/src/creds/tokencredentials.cpp
+++ b/src/creds/tokencredentials.cpp
@@ -88,7 +88,10 @@ protected:
         QByteArray credHash = QByteArray(_cred->user().toUtf8()+":"+_cred->password().toUtf8()).toBase64();
         req.setRawHeader(QByteArray("Authorization"), QByteArray("Basic ") + credHash);
 
-        req.setRawHeader("Cookie", _cred->_token.toUtf8()); // analogous to neon in syncContextPreStart
+        if (!req.hasRawHeader("Cookie")) {
+            // Only use our token if the request doesn't have a cookie already (e.g. because of direct download URL)
+            req.setRawHeader("Cookie", _cred->_token.toUtf8()); // analogous to neon in syncContextPreStart
+        }
 
         return MirallAccessManager::createRequest(op, req, outgoingData);
     }