-rw-r--r-- | fm.h | 1 | ||||
-rw-r--r-- | rc.c | 3 | ||||
-rw-r--r-- | url.c | 32 |
3 files changed, 34 insertions, 2 deletions
@@ -1025,6 +1025,7 @@ global char *image_source init(NULL); #endif global char *UserAgent init(NULL); global int NoSendReferer init(FALSE); +global int CrossOriginReferer init(TRUE); global char *AcceptLang init(NULL); global char *AcceptEncoding init(NULL); global char *AcceptMedia init(NULL); @@ -194,6 +194,7 @@ static int OptionEncode = FALSE; #endif /* USE_MOUSE */ #define CMT_CLEAR_BUF N_("Free memory of undisplayed buffers") #define CMT_NOSENDREFERER N_("Suppress `Referer:' header") +#define CMT_CROSSORIGINREFERER N_("Exclude pathname and query string from `Referer:' header when cross domain communication") #define CMT_IGNORE_CASE N_("Search case-insensitively") #define CMT_USE_LESSOPEN N_("Use LESSOPEN") #ifdef USE_SSL @@ -678,6 +679,8 @@ struct param_ptr params9[] = { {"user_agent", P_STRING, PI_TEXT, (void *)&UserAgent, CMT_USERAGENT, NULL}, {"no_referer", P_INT, PI_ONOFF, (void *)&NoSendReferer, CMT_NOSENDREFERER, NULL}, + {"cross_origin_referer", P_INT, PI_ONOFF, (void *)&CrossOriginReferer, + CMT_CROSSORIGINREFERER, NULL}, {"accept_language", P_STRING, PI_TEXT, (void *)&AcceptLang, CMT_ACCEPTLANG, NULL}, {"accept_encoding", P_STRING, PI_TEXT, (void *)&AcceptEncoding, @@ -1374,6 +1374,21 @@ parsedURL2Str(ParsedURL *pu) return _parsedURL2Str(pu, FALSE, TRUE, TRUE); } +static Str +parsedURL2RefererOriginStr(ParsedURL *pu) +{ + Str s; + char *f = pu->file, *q = pu->query; + + pu->file = NULL; + pu->query = NULL; + s = _parsedURL2Str(pu, FALSE, FALSE, FALSE); + pu->file = f; + pu->query = q; + + return s; +} + Str parsedURL2RefererStr(ParsedURL *pu) { 
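Review bot: The option name and the help text in `CMT_CROSSORIGINREFERER` are easy to misread, and the text says "cross domain" while the check added in url.c compares scheme, host and port, i.e. the origin. With `cross_origin_referer` defaulting to on (`init(TRUE)` in fm.h), a user can reasonably take "on" to mean "send the full Referer cross-origin", which is the opposite of what the setting does. I would reword the string to something like ``N_("Send only the origin in `Referer:' header for cross-origin requests")`` so the privacy effect of the default is clear from the option screen.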
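Review bot: `parsedURL2RefererOriginStr` builds its result by temporarily setting `pu->file` and `pu->query` to NULL on the caller's struct and then calling `_parsedURL2Str`, whose body is outside this hunk. That relies on `_parsedURL2Str` accepting a NULL `file` for every scheme that can reach this path, which should be confirmed before merging. The function also has no comment; I would add `/* Referer value for cross-origin requests: path and query are dropped so they are not disclosed to another origin. Temporarily modifies *pu. */` above it.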
@@ -1455,6 +1470,13 @@ otherinfo(ParsedURL *target, ParsedURL *current, char *referer) no_referer_ptr = query_SCONF_NO_REFERER_TO(target); no_referer = no_referer || (no_referer_ptr && *no_referer_ptr); if (!no_referer) { + int cross_origin = FALSE; + if (CrossOriginReferer && current && current->host && + (!target || !target->host || + strcasecmp(current->host, target->host) != 0 || + current->port != target->port || + current->scheme != target->scheme)) + cross_origin = TRUE; #ifdef USE_SSL if (current && current->scheme == SCM_HTTPS && target->scheme != SCM_HTTPS) { /* Don't send Referer: if https:// -> http:// */ @@ -1466,12 +1488,18 @@ otherinfo(ParsedURL *target, ParsedURL *current, char *referer) (current->scheme != SCM_FTP || (current->user == NULL && current->pass == NULL))) { Strcat_charp(s, "Referer: "); - Strcat(s, parsedURL2RefererStr(current)); + if (cross_origin) + Strcat(s, parsedURL2RefererOriginStr(current)); + else + Strcat(s, parsedURL2RefererStr(current)); Strcat_charp(s, "\r\n"); } else if (referer != NULL && referer != NO_REFERER) { Strcat_charp(s, "Referer: "); - Strcat_charp(s, referer); + if (cross_origin) + Strcat(s, parsedURL2RefererOriginStr(current)); + else + Strcat_charp(s, referer); Strcat_charp(s, "\r\n"); } } |
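Review bot: The new condition treats `target` as possibly NULL (`!target || !target->host`), but the context line just below it in the USE_SSL block dereferences `target->scheme` without a check, and `query_SCONF_NO_REFERER_TO(target)` above receives it as well. If `target` can never be NULL here, the `!target ||` term is dead and should go; if it can, the guard belongs before the existing dereference. The multi-line condition would also be easier to audit as a small static helper, e.g. `cross_origin = CrossOriginReferer && is_cross_origin(current, target);`, with a comment that origin means scheme, host and port. The body of otherinfo starts and ends outside the hunk.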
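Review bot: In the `else if (referer != NULL && referer != NO_REFERER)` branch, the cross-origin decision and the trimmed value both come from `current`, not from the `referer` string that is about to be sent. If a caller passes a `referer` that does not correspond to `current`, or `current` is NULL or has no host, `cross_origin` stays FALSE and the full caller-supplied `referer`, path and query included, still goes to a different origin. Conversely, the origin of an unrelated `current` can be sent in place of the supplied value. Callers are outside this hunk, so this needs confirming, but the safer shape is to run the same scheme/host/port comparison on the parsed `referer` and omit the header when its origin cannot be determined. At minimum, add a comment such as `/* explicit referer: replaced by current's origin when cross-origin */` so the substitution is not mistaken for a bug.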