checkpoint

This commit is contained in:
Kuba Orlik 2021-05-16 07:54:41 +02:00
parent b0638b1d2a
commit 750b68fa24

View File

@ -1,12 +1,21 @@
console.log("PROBLEMATIC REQUESTS"); console.log("PROBLEMATIC REQUESTS");
const isThirdParty = (arg) => arg.urlClassification.thirdParty.length > 0; // const isThirdParty = (arg) => arg.urlClassification.thirdParty.length > 0;
async function isThirdParty(request) {
const request_url = new URL(request.url);
const origin_url = new URL(await getOrigin(request));
return (
request_url.origin != origin_url.origin ||
request.urlClassification.thirdParty.length > 0
);
}
const hasCookie = (arg) => arg.requestHeaders.some((h) => h.name === "Cookie"); const hasCookie = (arg) => arg.requestHeaders.some((h) => h.name === "Cookie");
const hasReferer = (arg) => const hasReferer = (arg) =>
arg.requestHeaders.some((h) => h.name === "Referer"); arg.requestHeaders.some((h) => h.name === "Referer");
const getReferer = (arg) => const getReferer = (arg) =>
arg.requestHeaders.filter((h) => h.name === "Referer")[0].value; arg.requestHeaders.filter((h) => h.name === "Referer")[0].value;
const getOrigin = async (arg) => { const getOrigin = async (arg) => {
let url; let url;
if (arg.tabId) { if (arg.tabId) {
@ -16,24 +25,29 @@ const getOrigin = async (arg) => {
url = arg.frameAncestors[0].url; url = arg.frameAncestors[0].url;
} }
return new URL(url).host; return url;
}; };
const exposesOrigin = async (arg) => { const exposesOrigin = async (arg) => {
return getReferer(arg).includes(await getOrigin(arg)); return getReferer(arg).includes(new URL(await getOrigin(arg)).host);
}; };
browser.webRequest.onBeforeSendHeaders.addListener( browser.webRequest.onBeforeSendHeaders.addListener(
async (request) => { async (request) => {
// console.log(request.url, request.tabId);
if ( if (
isThirdParty(request) && (await isThirdParty(request)) &&
hasReferer(request) && hasReferer(request) &&
(await exposesOrigin(request)) (await exposesOrigin(request))
) { ) {
const has_cookie = hasCookie(request); const has_cookie = hasCookie(request);
fn = has_cookie ? console.warn : console.log; fn = has_cookie ? console.warn : console.log;
fn("Leaked referrer! Has cookie:", hasCookie(request), request.url); fn(
"Leaked referrer! Has cookie:",
hasCookie(request),
request.url,
"referer was",
getReferer(request)
);
} }
}, },
{ urls: ["<all_urls>"] }, { urls: ["<all_urls>"] },