Commit 64e36f30 authored by Alex Catarineu's avatar Alex Catarineu Committed by Matthew Finkel
Browse files

Bug 1598647 - Set Origin to null with network.http.referer.hideOnionSource r=JuniorHsu 

Differential Revision: https://phabricator.services.mozilla.com/D54303

--HG--
extra : moz-landing-system : lando
parent e54c6d54

dom/security/ReferrerInfo.cpp

+2 −1
Original line number Diff line number Diff line
@@ -322,7 +322,8 @@ nsresult ReferrerInfo::HandleUserReferrerSendingPolicy(nsIHttpChannel* aChannel, 
  return NS_OK;

}



bool ReferrerInfo::IsCrossOriginRequest(nsIHttpChannel* aChannel) const {

/* static */

bool ReferrerInfo::IsCrossOriginRequest(nsIHttpChannel* aChannel) {

  nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();



  nsCOMPtr<nsIURI> triggeringURI;

dom/security/ReferrerInfo.h

+1 −1
Original line number Diff line number Diff line
@@ -155,7 +155,7 @@ class ReferrerInfo : public nsIReferrerInfo { 
   * Computing whether the request is cross-origin may be expensive, so please

   * do that in cases where we're going to use this information later on.

   */

  bool IsCrossOriginRequest(nsIHttpChannel* aChannel) const;

  static bool IsCrossOriginRequest(nsIHttpChannel* aChannel);



  /*

   * Check whether referrer is allowed to send in secure to insecure scenario.

netwerk/protocol/http/nsCORSListenerProxy.cpp

+1 −1
Original line number Diff line number Diff line
@@ -995,7 +995,7 @@ nsresult nsCORSListenerProxy::UpdateChannel(nsIChannel* aChannel, 


    if (!currentOrgin.EqualsIgnoreCase(origin.get()) &&

        StringEndsWith(potentialOnionHost, NS_LITERAL_CSTRING(".onion"))) {

      origin.Truncate();

      origin.AssignLiteral("null");

    }

  }

netwerk/protocol/http/nsHttpChannel.cpp

+7 −10
Original line number Diff line number Diff line
@@ -9634,8 +9634,7 @@ void nsHttpChannel::SetOriginHeader() { 
    nsContentUtils::GetASCIIOrigin(referrer, origin);

  }



  // Restrict Origin to same-origin loads if requested by user or leaving from

  // .onion

  // Restrict Origin to same-origin loads if requested by user

  if (sSendOriginHeader == 1) {

    nsAutoCString currentOrigin;

    nsContentUtils::GetASCIIOrigin(mURI, currentOrigin);
@@ -9643,16 +9642,14 @@ void nsHttpChannel::SetOriginHeader() { 
      // Origin header suppressed by user setting

      return;

    }

  } else if (dom::ReferrerInfo::HideOnionReferrerSource()) {

  }



  if (dom::ReferrerInfo::HideOnionReferrerSource()) {

    nsAutoCString host;

    if (referrer && NS_SUCCEEDED(referrer->GetAsciiHost(host)) &&

        StringEndsWith(host, NS_LITERAL_CSTRING(".onion"))) {

      nsAutoCString currentOrigin;

      nsContentUtils::GetASCIIOrigin(mURI, currentOrigin);

      if (!origin.EqualsIgnoreCase(currentOrigin.get())) {

        // Origin header is suppressed by .onion

        return;

      }

        StringEndsWith(host, NS_LITERAL_CSTRING(".onion")) &&

        dom::ReferrerInfo::IsCrossOriginRequest(this)) {

      origin.AssignLiteral("null");

    }

  }