privacy: never send cookies in third-party requests

as mentioned in section 7.1 of RFC 6265

6 files changed, 33 insertions, 13 deletions

diff --git a/ChangeLog b/ChangeLog
index ab8eb1c2..917df499 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,7 @@ dillo-3.0.1 [not released yet]
 
 +- Add preference for UI theme.
  - Allow key bindings for paging left/right.
+ - Privacy -- never send cookies when making third-party requests.
    Patches: corvid
 
 -----------------------------------------------------------------------------
diff --git a/src/IO/Url.h b/src/IO/Url.h
index 95919f11..15934e13 100644
--- a/src/IO/Url.h
+++ b/src/IO/Url.h
@@ -18,7 +18,8 @@ int a_Http_proxy_auth(void);
 void a_Http_set_proxy_passwd(const char *str);
 char *a_Http_make_connect_str(const DilloUrl *url);
 const char *a_Http_get_proxy_urlstr();
-Dstr *a_Http_make_query_str(const DilloUrl *url, bool_t use_proxy);
+Dstr *a_Http_make_query_str(const DilloUrl *url, const DilloUrl *requester,
+                            bool_t use_proxy);
 
 void a_Http_ccc (int Op, int Branch, int Dir, ChainLink *Info,
                  void *Data1, void *Data2);
diff --git a/src/IO/http.c b/src/IO/http.c
index 526b8460..41ee137a 100644
--- a/src/IO/http.c
+++ b/src/IO/http.c
@@ -271,7 +271,8 @@ static Dstr *Http_make_content_type(const DilloUrl *url)
 /*
  * Make the http query string
  */
-Dstr *a_Http_make_query_str(const DilloUrl *url, bool_t use_proxy)
+Dstr *a_Http_make_query_str(const DilloUrl *url, const DilloUrl *requester,
+                            bool_t use_proxy)
 {
    const char *auth;
    char *ptr, *cookies, *referer;
@@ -296,7 +297,7 @@ Dstr *a_Http_make_query_str(const DilloUrl *url, bool_t use_proxy)
                     (URL_PATH_(url) || URL_QUERY_(url)) ? "" : "/");
    }
 
-   cookies = a_Cookies_get_query(url);
+   cookies = a_Cookies_get_query(url, requester);
    auth = a_Auth_get_auth_str(url);
    referer = Http_get_referer(url);
    if (URL_FLAGS(url) & URL_Post) {
@@ -365,7 +366,8 @@ static void Http_send_query(ChainLink *Info, SocketData_t *S)
    DataBuf *dbuf;
 
    /* Create the query */
-   query = a_Http_make_query_str(S->web->url,S->flags & HTTP_SOCKET_USE_PROXY);
+   query = a_Http_make_query_str(S->web->url, S->web->requester,
+                                 S->flags & HTTP_SOCKET_USE_PROXY);
    dbuf = a_Chain_dbuf_new(query->str, query->len, 0);
 
    /* actually this message is sent too early.
diff --git a/src/capi.c b/src/capi.c
index 33cfb54c..a0ede65d 100644
--- a/src/capi.c
+++ b/src/capi.c
@@ -300,7 +300,7 @@ static char *Capi_dpi_build_cmd(DilloWeb *web, char *server)
    if (strcmp(server, "proto.https") == 0) {
       /* Let's be kind and make the HTTP query string for the dpi */
       char *proxy_connect = a_Http_make_connect_str(web->url);
-      Dstr *http_query = a_Http_make_query_str(web->url, FALSE);
+      Dstr *http_query = a_Http_make_query_str(web->url, web->requester,FALSE);
       /* BUG: embedded NULLs in query data will truncate message */
 
       /* BUG: WORKAROUND: request to only check the root URL's certificate.
diff --git a/src/cookies.c b/src/cookies.c
index 7b9062e2..53ff452e 100644
--- a/src/cookies.c
+++ b/src/cookies.c
@@ -179,7 +179,7 @@ void a_Cookies_set(Dlist *cookie_strings, const DilloUrl *set_url,
 /*
  * Return a string containing cookie data for an HTTP query.
  */
-char *a_Cookies_get_query(const DilloUrl *request_url)
+char *a_Cookies_get_query(const DilloUrl *query_url, const DilloUrl *requester)
 {
    char *cmd, *dpip_tag, *query;
    const char *path;
@@ -188,16 +188,31 @@ char *a_Cookies_get_query(const DilloUrl *request_url)
    if (disabled)
       return dStrdup("");
 
-   action = Cookies_control_check(request_url);
+   action = Cookies_control_check(query_url);
    if (action == COOKIE_DENY) {
-      _MSG("Cookies: denied GET for %s\n", URL_HOST_(request_url));
+      _MSG("Cookies: denied GET for %s\n", URL_HOST_(query_url));
       return dStrdup("");
    }
-   path = URL_PATH_(request_url);
+
+   if (requester == NULL) {
+      /* request made by user */
+   } else {
+      const char *req_host = URL_HOST(requester),
+                 *req_suffix = a_Url_host_find_public_suffix(req_host),
+                 *query_host = URL_HOST(query_url),
+                 *query_suffix = a_Url_host_find_public_suffix(query_host);
+      if (dStrcasecmp(req_suffix, query_suffix)) {
+         MSG("Cookies: No cookies sent for third-party request by '%s' for "
+              "'%s'\n", req_host, URL_STR(query_url));
+         return dStrdup("");
+      }
+   }
+
+   path = URL_PATH_(query_url);
 
    cmd = a_Dpip_build_cmd("cmd=%s scheme=%s host=%s path=%s",
-                          "get_cookie", URL_SCHEME(request_url),
-                         URL_HOST(request_url), path ? path : "/");
+                          "get_cookie", URL_SCHEME(query_url),
+                         URL_HOST(query_url), path ? path : "/");
 
    /* Get the answer from cookies.dpi */
    _MSG("cookies.c: a_Dpi_send_blocking_cmd cmd = {%s}\n", cmd);
diff --git a/src/cookies.h b/src/cookies.h
index d6ee1ccd..1cdb82ac 100644
--- a/src/cookies.h
+++ b/src/cookies.h
@@ -7,12 +7,13 @@ extern "C" {
 
 
 #ifdef DISABLE_COOKIES
-# define a_Cookies_get_query(url)  dStrdup("")
+# define a_Cookies_get_query(url, requester)  dStrdup("")
 # define a_Cookies_set()     ;
 # define a_Cookies_init()    ;
 # define a_Cookies_freeall() ;
 #else
-  char *a_Cookies_get_query(const DilloUrl *request_url);
+  char *a_Cookies_get_query(const DilloUrl *query_url,
+                            const DilloUrl *requester);
   void  a_Cookies_set(Dlist *cookie_string, const DilloUrl *set_url,
                       const char *server_date);
   void  a_Cookies_init( void );