This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

Send spoofed referer to typekit site
Fix #727

Auditors: @bbondy
diracdeltas committed Feb 11, 2016
1 parent 5b4cc0e commit 0dd5619
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions app/filtering.js
Expand Up @@ -15,6 +15,9 @@ const getBaseDomain = require('../js/lib/baseDomain').getBaseDomain

const filteringFns = []

// Third party domains that require a valid referer to work
const refererExceptions = ['use.typekit.net']

module.exports.registerFilteringCB = filteringFn => {
filteringFns.push(filteringFn)
}
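Review bot: The comment on `refererExceptions` says these domains "require a valid referer", but it does not say that entries are compared as exact hostnames (the later hunk uses `refererExceptions.includes(hostname)`) or that the header sent is a fixed placeholder rather than the page's real referer. Consider rewording it to state both, for example "Third-party hostnames (exact match) that are sent a placeholder Referer instead of none", so that anyone adding an entry knows a bare domain will not cover its subdomains and that the first-party URL is still not disclosed.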
Expand Down Expand Up @@ -45,15 +48,16 @@ function registerForSession (session) {
}

let requestHeaders = details.requestHeaders
let hostname = urlParse(details.url || '').hostname
if (module.exports.isResourceEnabled(AppConfig.resourceNames.COOKIEBLOCK) &&
module.exports.isThirdPartyHost(urlParse(details.firstPartyUrl || '').hostname,
urlParse(details.url || '').hostname)) {
hostname)) {
// Clear cookie and referer on third-party requests
if (requestHeaders['Cookie']) {
requestHeaders['Cookie'] = undefined
}
if (requestHeaders['Referer']) {
requestHeaders['Referer'] = undefined
requestHeaders['Referer'] = refererExceptions.includes(hostname) ? 'http://localhost' : undefined
}
}
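Review bot: The `'http://localhost'` literal in the new `requestHeaders['Referer']` assignment is an unexplained magic value, and the comment above it still reads "Clear cookie and referer on third-party requests" although the referer is now replaced, not cleared, for hosts in `refererExceptions`. Suggest hoisting the placeholder into a named constant next to `refererExceptions` and updating the comment to say the referer is cleared except for listed hosts, which receive the placeholder. The exception sits inside the existing `COOKIEBLOCK` and `isThirdPartyHost` branch and inside `if (requestHeaders['Referer'])`, so it never adds a header that was not already being sent; a short comment noting that this is intentional would help future readers.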


1 comment on commit 0dd5619

@bbondy
Member

@bbondy bbondy commented on 0dd5619 Feb 11, 2016


++
