From 0dd5619d8dd05b249d75da3289f861a43c8612aa Mon Sep 17 00:00:00 2001
From: yan
Date: Thu, 11 Feb 2016 12:03:47 -0800
Subject: [PATCH] Send spoofed referer to typekit site
Fix #727
Auditors: @bbondy
---
 app/filtering.js | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/app/filtering.js b/app/filtering.js
index 5df3e12e63d..6b565d7a1cb 100644
--- a/app/filtering.js
+++ b/app/filtering.js
@@ -15,6 +15,9 @@ const getBaseDomain = require('../js/lib/baseDomain').getBaseDomain
 const filteringFns = []
+// Third party domains that require a valid referer to work
+const refererExceptions = ['use.typekit.net']
+
 module.exports.registerFilteringCB = filteringFn => {
 filteringFns.push(filteringFn)
 }
@@ -45,15 +48,16 @@ function registerForSession (session) {
 }
 let requestHeaders = details.requestHeaders
+ let hostname = urlParse(details.url || '').hostname
 if (module.exports.isResourceEnabled(AppConfig.resourceNames.COOKIEBLOCK) &&
 module.exports.isThirdPartyHost(urlParse(details.firstPartyUrl || '').hostname,
- urlParse(details.url || '').hostname)) {
+ hostname)) {
 // Clear cookie and referer on third-party requests
 if (requestHeaders['Cookie']) {
 requestHeaders['Cookie'] = undefined
 }
 if (requestHeaders['Referer']) {
- requestHeaders['Referer'] = undefined
+ requestHeaders['Referer'] = refererExceptions.includes(hostname) ? 'http://localhost' : undefined
 }
 }
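Review bot: The comment on `refererExceptions` says these domains need a "valid referer", but the second hunk sends them the fixed string `'http://localhost'` rather than the page's real referer, so the comment reads as if the real value were passed through. A more exact wording would be `// Third-party hosts that break without a Referer header; they get a fixed placeholder, never the real referer`. The lookup is `refererExceptions.includes(hostname)`, an exact hostname match, so the same comment should state that entries are full hostnames with no subdomain or suffix matching; otherwise a later addition written as a bare domain would silently never match.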
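Review bot: The context comment `// Clear cookie and referer on third-party requests` no longer matches the Referer branch, which now substitutes a value for hosts in `refererExceptions` instead of clearing it. I would update the comment to say so and give the literal a name next to the list, e.g. `const spoofedReferer = 'http://localhost'`, so the one value that is deliberately sent to a third party is defined in a single documented place. The same constant is sent regardless of the scheme of `details.url`; whether an `http:` referer on an HTTPS request is accepted by every host that may later join the list is not visible here. `registerForSession` starts and ends outside this hunk.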