checkpoint
This commit is contained in:
parent
b0638b1d2a
commit
750b68fa24
@ -1,12 +1,21 @@
|
||||
console.log("PROBLEMATIC REQUESTS");
|
||||
|
||||
const isThirdParty = (arg) => arg.urlClassification.thirdParty.length > 0;
|
||||
// const isThirdParty = (arg) => arg.urlClassification.thirdParty.length > 0;
|
||||
async function isThirdParty(request) {
|
||||
const request_url = new URL(request.url);
|
||||
const origin_url = new URL(await getOrigin(request));
|
||||
return (
|
||||
request_url.origin != origin_url.origin ||
|
||||
request.urlClassification.thirdParty.length > 0
|
||||
);
|
||||
}
|
||||
const hasCookie = (arg) => arg.requestHeaders.some((h) => h.name === "Cookie");
|
||||
const hasReferer = (arg) =>
|
||||
arg.requestHeaders.some((h) => h.name === "Referer");
|
||||
|
||||
const getReferer = (arg) =>
|
||||
arg.requestHeaders.filter((h) => h.name === "Referer")[0].value;
|
||||
|
||||
const getOrigin = async (arg) => {
|
||||
let url;
|
||||
if (arg.tabId) {
|
||||
@ -16,24 +25,29 @@ const getOrigin = async (arg) => {
|
||||
url = arg.frameAncestors[0].url;
|
||||
}
|
||||
|
||||
return new URL(url).host;
|
||||
return url;
|
||||
};
|
||||
|
||||
const exposesOrigin = async (arg) => {
|
||||
return getReferer(arg).includes(await getOrigin(arg));
|
||||
return getReferer(arg).includes(new URL(await getOrigin(arg)).host);
|
||||
};
|
||||
|
||||
browser.webRequest.onBeforeSendHeaders.addListener(
|
||||
async (request) => {
|
||||
// console.log(request.url, request.tabId);
|
||||
if (
|
||||
isThirdParty(request) &&
|
||||
(await isThirdParty(request)) &&
|
||||
hasReferer(request) &&
|
||||
(await exposesOrigin(request))
|
||||
) {
|
||||
const has_cookie = hasCookie(request);
|
||||
fn = has_cookie ? console.warn : console.log;
|
||||
fn("Leaked referrer! Has cookie:", hasCookie(request), request.url);
|
||||
fn(
|
||||
"Leaked referrer! Has cookie:",
|
||||
hasCookie(request),
|
||||
request.url,
|
||||
"referer was",
|
||||
getReferer(request)
|
||||
);
|
||||
}
|
||||
},
|
||||
{ urls: ["<all_urls>"] },
|
||||
|
Loading…
Reference in New Issue
Block a user