[tbb-commits] [tor-browser/tor-browser-68.2.0esr-9.5-1] Bug 1598647 - Set Origin to null with network.http.referer.hideOnionSource r=JuniorHsu
gk at torproject.org
gk at torproject.org
Tue Nov 26 15:12:03 UTC 2019
commit 1b5b65b5c8f11e3f2fd30ca0604fde741bc2c749
Author: Alex Catarineu <acat at torproject.org>
Date: Mon Nov 25 13:29:47 2019 +0000
Bug 1598647 - Set Origin to null with network.http.referer.hideOnionSource r=JuniorHsu
Differential Revision: https://phabricator.services.mozilla.com/D54303
--HG--
extra : moz-landing-system : lando
---
dom/security/ReferrerInfo.cpp | 3 ++-
dom/security/ReferrerInfo.h | 2 +-
netwerk/protocol/http/nsCORSListenerProxy.cpp | 2 +-
netwerk/protocol/http/nsHttpChannel.cpp | 17 +++++++----------
4 files changed, 11 insertions(+), 13 deletions(-)
diff --git a/dom/security/ReferrerInfo.cpp b/dom/security/ReferrerInfo.cpp
index 2d06d9b3d3d3..25d9cd3290c0 100644
--- a/dom/security/ReferrerInfo.cpp
+++ b/dom/security/ReferrerInfo.cpp
@@ -322,7 +322,8 @@ nsresult ReferrerInfo::HandleUserReferrerSendingPolicy(nsIHttpChannel* aChannel,
return NS_OK;
}
-bool ReferrerInfo::IsCrossOriginRequest(nsIHttpChannel* aChannel) const {
+/* static */
+bool ReferrerInfo::IsCrossOriginRequest(nsIHttpChannel* aChannel) {
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
nsCOMPtr<nsIURI> triggeringURI;
diff --git a/dom/security/ReferrerInfo.h b/dom/security/ReferrerInfo.h
index bf21233a0510..5fa052f3f32d 100644
--- a/dom/security/ReferrerInfo.h
+++ b/dom/security/ReferrerInfo.h
@@ -155,7 +155,7 @@ class ReferrerInfo : public nsIReferrerInfo {
* Computing whether the request is cross-origin may be expensive, so please
* do that in cases where we're going to use this information later on.
*/
- bool IsCrossOriginRequest(nsIHttpChannel* aChannel) const;
+ static bool IsCrossOriginRequest(nsIHttpChannel* aChannel);
/*
* Check whether referrer is allowed to send in secure to insecure scenario.
diff --git a/netwerk/protocol/http/nsCORSListenerProxy.cpp b/netwerk/protocol/http/nsCORSListenerProxy.cpp
index 36b263ddf003..36027a5d2809 100644
--- a/netwerk/protocol/http/nsCORSListenerProxy.cpp
+++ b/netwerk/protocol/http/nsCORSListenerProxy.cpp
@@ -985,7 +985,7 @@ nsresult nsCORSListenerProxy::UpdateChannel(nsIChannel* aChannel,
if (!currentOrgin.EqualsIgnoreCase(origin.get()) &&
StringEndsWith(potentialOnionHost, NS_LITERAL_CSTRING(".onion"))) {
- origin.Truncate();
+ origin.AssignLiteral("null");
}
}
diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
index b2d58379affe..7e1730c13b6a 100644
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
@@ -9631,8 +9631,7 @@ void nsHttpChannel::SetOriginHeader() {
nsContentUtils::GetASCIIOrigin(referrer, origin);
}
- // Restrict Origin to same-origin loads if requested by user or leaving from
- // .onion
+ // Restrict Origin to same-origin loads if requested by user
if (sSendOriginHeader == 1) {
nsAutoCString currentOrigin;
nsContentUtils::GetASCIIOrigin(mURI, currentOrigin);
@@ -9640,16 +9639,14 @@ void nsHttpChannel::SetOriginHeader() {
// Origin header suppressed by user setting
return;
}
- } else if (dom::ReferrerInfo::HideOnionReferrerSource()) {
+ }
+
+ if (dom::ReferrerInfo::HideOnionReferrerSource()) {
nsAutoCString host;
if (referrer && NS_SUCCEEDED(referrer->GetAsciiHost(host)) &&
- StringEndsWith(host, NS_LITERAL_CSTRING(".onion"))) {
- nsAutoCString currentOrigin;
- nsContentUtils::GetASCIIOrigin(mURI, currentOrigin);
- if (!origin.EqualsIgnoreCase(currentOrigin.get())) {
- // Origin header is suppressed by .onion
- return;
- }
+ StringEndsWith(host, NS_LITERAL_CSTRING(".onion")) &&
+ dom::ReferrerInfo::IsCrossOriginRequest(this)) {
+ origin.AssignLiteral("null");
}
}
More information about the tbb-commits
mailing list