[tbb-commits] [tor-browser/tor-browser-45.3.0esr-6.5-1] Bug 17334: Spoof referrer when leaving a .onion domain
gk at torproject.org
gk at torproject.org
Thu Sep 15 09:29:02 UTC 2016
commit 5837ac47afae9ca736ec4c4fedf0d83d6a601bc9
Author: Arthur Edelstein <arthuredelstein at gmail.com>
Date: Fri Sep 9 22:50:47 2016 -0700
Bug 17334: Spoof referrer when leaving a .onion domain
Note I also remove a superfluous and confusing line,
`currentHost = referrerHost;`
---
netwerk/protocol/http/HttpBaseChannel.cpp | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/netwerk/protocol/http/HttpBaseChannel.cpp b/netwerk/protocol/http/HttpBaseChannel.cpp
index 76c4a9a..8d9a408 100644
--- a/netwerk/protocol/http/HttpBaseChannel.cpp
+++ b/netwerk/protocol/http/HttpBaseChannel.cpp
@@ -14,6 +14,7 @@
#include "nsMimeTypes.h"
#include "nsNetCID.h"
#include "nsNetUtil.h"
+#include "nsReadableUtils.h"
#include "nsICachingChannel.h"
#include "nsIDOMDocument.h"
@@ -1389,13 +1390,15 @@ HttpBaseChannel::SetReferrerWithPolicy(nsIURI *referrer,
return NS_OK;
}
- // send spoofed referrer if desired
- if (userSpoofReferrerSource) {
+ bool leavingOnion = !currentHost.Equals(referrerHost) &&
+ StringEndsWith(referrerHost, NS_LITERAL_CSTRING(".onion"));
+
+ // send spoofed referrer if desired by user, or if we are leaving a .onion
+ if (userSpoofReferrerSource || leavingOnion) {
nsCOMPtr<nsIURI> mURIclone;
rv = mURI->CloneIgnoringRef(getter_AddRefs(mURIclone));
if (NS_FAILED(rv)) return rv;
clone = mURIclone;
- currentHost = referrerHost;
}
// strip away any userpass; we don't want to be giving out passwords ;-)
More information about the tbb-commits
mailing list