From d8696045b4c6bc4d9e33789cff6a9e1fa75462d7 Mon Sep 17 00:00:00 2001 From: Sean McArthur Date: Thu, 18 May 2017 11:26:28 -0700 Subject: [PATCH] referer updates - Don't set Referer if going from https to http - Explicitly remove username, password, and fragment from Referer --- src/client.rs | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/src/client.rs b/src/client.rs index 1619529fc..2b9cd6a7c 100644 --- a/src/client.rs +++ b/src/client.rs @@ -338,7 +338,9 @@ impl RequestBuilder { url = match loc { Ok(loc) => { if client.auto_referer.load(Ordering::Relaxed) { - headers.set(Referer(url.to_string())); + if let Some(referer) = make_referer(&loc, &url) { + headers.set(referer); + } } urls.push(url); let action = check_redirect(&client.redirect_policy.lock().unwrap(), &loc, &urls); @@ -383,6 +385,18 @@ impl fmt::Debug for RequestBuilder { } } +fn make_referer(next: &Url, previous: &Url) -> Option { + if next.scheme() == "http" && previous.scheme() == "https" { + return None; + } + + let mut referer = previous.clone(); + let _ = referer.set_username(""); + let _ = referer.set_password(None); + referer.set_fragment(None); + Some(Referer(referer.into_string())) +} + #[cfg(test)] mod tests { use super::*;