New option cross_origin_referer to use origin only Referer
This commit is contained in:
@@ -1025,6 +1025,7 @@ global char *image_source init(NULL);
|
|||||||
#endif
|
#endif
|
||||||
global char *UserAgent init(NULL);
|
global char *UserAgent init(NULL);
|
||||||
global int NoSendReferer init(FALSE);
|
global int NoSendReferer init(FALSE);
|
||||||
|
global int CrossOriginReferer init(TRUE);
|
||||||
global char *AcceptLang init(NULL);
|
global char *AcceptLang init(NULL);
|
||||||
global char *AcceptEncoding init(NULL);
|
global char *AcceptEncoding init(NULL);
|
||||||
global char *AcceptMedia init(NULL);
|
global char *AcceptMedia init(NULL);
|
||||||
|
|||||||
@@ -194,6 +194,7 @@ static int OptionEncode = FALSE;
|
|||||||
#endif /* USE_MOUSE */
|
#endif /* USE_MOUSE */
|
||||||
#define CMT_CLEAR_BUF N_("Free memory of undisplayed buffers")
|
#define CMT_CLEAR_BUF N_("Free memory of undisplayed buffers")
|
||||||
#define CMT_NOSENDREFERER N_("Suppress `Referer:' header")
|
#define CMT_NOSENDREFERER N_("Suppress `Referer:' header")
|
||||||
|
#define CMT_CROSSORIGINREFERER N_("Exclude pathname and query string from `Referer:' header when cross domain communication")
|
||||||
#define CMT_IGNORE_CASE N_("Search case-insensitively")
|
#define CMT_IGNORE_CASE N_("Search case-insensitively")
|
||||||
#define CMT_USE_LESSOPEN N_("Use LESSOPEN")
|
#define CMT_USE_LESSOPEN N_("Use LESSOPEN")
|
||||||
#ifdef USE_SSL
|
#ifdef USE_SSL
|
||||||
@@ -678,6 +679,8 @@ struct param_ptr params9[] = {
|
|||||||
{"user_agent", P_STRING, PI_TEXT, (void *)&UserAgent, CMT_USERAGENT, NULL},
|
{"user_agent", P_STRING, PI_TEXT, (void *)&UserAgent, CMT_USERAGENT, NULL},
|
||||||
{"no_referer", P_INT, PI_ONOFF, (void *)&NoSendReferer, CMT_NOSENDREFERER,
|
{"no_referer", P_INT, PI_ONOFF, (void *)&NoSendReferer, CMT_NOSENDREFERER,
|
||||||
NULL},
|
NULL},
|
||||||
|
{"cross_origin_referer", P_INT, PI_ONOFF, (void *)&CrossOriginReferer,
|
||||||
|
CMT_CROSSORIGINREFERER, NULL},
|
||||||
{"accept_language", P_STRING, PI_TEXT, (void *)&AcceptLang, CMT_ACCEPTLANG,
|
{"accept_language", P_STRING, PI_TEXT, (void *)&AcceptLang, CMT_ACCEPTLANG,
|
||||||
NULL},
|
NULL},
|
||||||
{"accept_encoding", P_STRING, PI_TEXT, (void *)&AcceptEncoding,
|
{"accept_encoding", P_STRING, PI_TEXT, (void *)&AcceptEncoding,
|
||||||
|
|||||||
@@ -1374,6 +1374,21 @@ parsedURL2Str(ParsedURL *pu)
|
|||||||
return _parsedURL2Str(pu, FALSE, TRUE, TRUE);
|
return _parsedURL2Str(pu, FALSE, TRUE, TRUE);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static Str
|
||||||
|
parsedURL2RefererOriginStr(ParsedURL *pu)
|
||||||
|
{
|
||||||
|
Str s;
|
||||||
|
char *f = pu->file, *q = pu->query;
|
||||||
|
|
||||||
|
pu->file = NULL;
|
||||||
|
pu->query = NULL;
|
||||||
|
s = _parsedURL2Str(pu, FALSE, FALSE, FALSE);
|
||||||
|
pu->file = f;
|
||||||
|
pu->query = q;
|
||||||
|
|
||||||
|
return s;
|
||||||
|
}
|
||||||
|
|
||||||
Str
|
Str
|
||||||
parsedURL2RefererStr(ParsedURL *pu)
|
parsedURL2RefererStr(ParsedURL *pu)
|
||||||
{
|
{
|
||||||
@@ -1455,6 +1470,13 @@ otherinfo(ParsedURL *target, ParsedURL *current, char *referer)
|
|||||||
no_referer_ptr = query_SCONF_NO_REFERER_TO(target);
|
no_referer_ptr = query_SCONF_NO_REFERER_TO(target);
|
||||||
no_referer = no_referer || (no_referer_ptr && *no_referer_ptr);
|
no_referer = no_referer || (no_referer_ptr && *no_referer_ptr);
|
||||||
if (!no_referer) {
|
if (!no_referer) {
|
||||||
|
int cross_origin = FALSE;
|
||||||
|
if (CrossOriginReferer && current && current->host &&
|
||||||
|
(!target || !target->host ||
|
||||||
|
strcasecmp(current->host, target->host) != 0 ||
|
||||||
|
current->port != target->port ||
|
||||||
|
current->scheme != target->scheme))
|
||||||
|
cross_origin = TRUE;
|
||||||
#ifdef USE_SSL
|
#ifdef USE_SSL
|
||||||
if (current && current->scheme == SCM_HTTPS && target->scheme != SCM_HTTPS) {
|
if (current && current->scheme == SCM_HTTPS && target->scheme != SCM_HTTPS) {
|
||||||
/* Don't send Referer: if https:// -> http:// */
|
/* Don't send Referer: if https:// -> http:// */
|
||||||
@@ -1466,11 +1488,17 @@ otherinfo(ParsedURL *target, ParsedURL *current, char *referer)
|
|||||||
(current->scheme != SCM_FTP ||
|
(current->scheme != SCM_FTP ||
|
||||||
(current->user == NULL && current->pass == NULL))) {
|
(current->user == NULL && current->pass == NULL))) {
|
||||||
Strcat_charp(s, "Referer: ");
|
Strcat_charp(s, "Referer: ");
|
||||||
|
if (cross_origin)
|
||||||
|
Strcat(s, parsedURL2RefererOriginStr(current));
|
||||||
|
else
|
||||||
Strcat(s, parsedURL2RefererStr(current));
|
Strcat(s, parsedURL2RefererStr(current));
|
||||||
Strcat_charp(s, "\r\n");
|
Strcat_charp(s, "\r\n");
|
||||||
}
|
}
|
||||||
else if (referer != NULL && referer != NO_REFERER) {
|
else if (referer != NULL && referer != NO_REFERER) {
|
||||||
Strcat_charp(s, "Referer: ");
|
Strcat_charp(s, "Referer: ");
|
||||||
|
if (cross_origin)
|
||||||
|
Strcat(s, parsedURL2RefererOriginStr(current));
|
||||||
|
else
|
||||||
Strcat_charp(s, referer);
|
Strcat_charp(s, referer);
|
||||||
Strcat_charp(s, "\r\n");
|
Strcat_charp(s, "\r\n");
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user