Initial commit

2021-04-23 14:56:41 +02:00 · 2021-04-23 14:56:41 +02:00 · b0638b1d2a
commit b0638b1d2a
4 changed files with 73 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+.log
--- a/border-48.png
+++ b/border-48.png
--- a/manifest.json
+++ b/manifest.json
@ -0,0 +1,31 @@
+{
+  "manifest_version": 2,
+  "name": "Problematyczne requesty",
+  "version": "1.0",
+
+  "description": "Adds a red border to all webpages matching mozilla.org.",
+
+  "icons": {
+    "48": "icons/border-48.png"
+  },
+
+  "background": {
+    "scripts": ["problematic.js"]
+  },
+
+  "browser_action": {
+    "default_icon": "border-48.png",
+    "default_title": "Pokaż problematyczne requesty",
+    "default_popup": "popup/choose_beast.html"
+  },
+  "icons": {
+    "48": "icons/border-48.png"
+  },
+  "permissions": [
+    "proxy",
+    "storage",
+    "<all_urls>",
+    "webRequest",
+    "webRequestBlocking"
+  ]
+}
--- a/problematic.js
+++ b/problematic.js
@ -0,0 +1,41 @@
+console.log("PROBLEMATIC REQUESTS");
+
+const isThirdParty = (arg) => arg.urlClassification.thirdParty.length > 0;
+const hasCookie = (arg) => arg.requestHeaders.some((h) => h.name === "Cookie");
+const hasReferer = (arg) =>
+  arg.requestHeaders.some((h) => h.name === "Referer");
+
+const getReferer = (arg) =>
+  arg.requestHeaders.filter((h) => h.name === "Referer")[0].value;
+const getOrigin = async (arg) => {
+  let url;
+  if (arg.tabId) {
+    const tab = await browser.tabs.get(arg.tabId);
+    url = tab.url;
+  } else {
+    url = arg.frameAncestors[0].url;
+  }
+
+  return new URL(url).host;
+};
+
+const exposesOrigin = async (arg) => {
+  return getReferer(arg).includes(await getOrigin(arg));
+};
+
+browser.webRequest.onBeforeSendHeaders.addListener(
+  async (request) => {
+    // console.log(request.url, request.tabId);
+    if (
+      isThirdParty(request) &&
+      hasReferer(request) &&
+      (await exposesOrigin(request))
+    ) {
+      const has_cookie = hasCookie(request);
+      fn = has_cookie ? console.warn : console.log;
+      fn("Leaked referrer! Has cookie:", hasCookie(request), request.url);
+    }
+  },
+  { urls: ["<all_urls>"] },
+  ["requestHeaders"]
+);