-rw-r--r-- | ChangeLog | 1 | ||||
-rw-r--r-- | src/IO/Url.h | 3 | ||||
-rw-r--r-- | src/IO/http.c | 8 | ||||
-rw-r--r-- | src/capi.c | 2 | ||||
-rw-r--r-- | src/cookies.c | 27 | ||||
-rw-r--r-- | src/cookies.h | 5 |
6 files changed, 33 insertions, 13 deletions
@@ -6,6 +6,7 @@ dillo-3.0.1 [not released yet] +- Add preference for UI theme. - Allow key bindings for paging left/right. + - Privacy -- never send cookies when making third-party requests. Patches: corvid -----------------------------------------------------------------------------
diff --git a/src/IO/Url.h b/src/IO/Url.h
index 95919f11..15934e13 100644
--- a/src/IO/Url.h
+++ b/src/IO/Url.h
@@ -18,7 +18,8 @@ int a_Http_proxy_auth(void); void a_Http_set_proxy_passwd(const char *str); char *a_Http_make_connect_str(const DilloUrl *url); const char *a_Http_get_proxy_urlstr();
-Dstr *a_Http_make_query_str(const DilloUrl *url, bool_t use_proxy);
+Dstr *a_Http_make_query_str(const DilloUrl *url, const DilloUrl *requester,
+ bool_t use_proxy);
 void a_Http_ccc (int Op, int Branch, int Dir, ChainLink *Info, void *Data1, void *Data2);
diff --git a/src/IO/http.c b/src/IO/http.c
index 526b8460..41ee137a 100644
--- a/src/IO/http.c
+++ b/src/IO/http.c
@@ -271,7 +271,8 @@ static Dstr *Http_make_content_type(const DilloUrl *url) /* * Make the http query string */
-Dstr *a_Http_make_query_str(const DilloUrl *url, bool_t use_proxy)
+Dstr *a_Http_make_query_str(const DilloUrl *url, const DilloUrl *requester,
+ bool_t use_proxy)
 { const char *auth; char *ptr, *cookies, *referer;
@@ -296,7 +297,7 @@ Dstr *a_Http_make_query_str(const DilloUrl *url, bool_t use_proxy) (URL_PATH_(url) || URL_QUERY_(url)) ? "" : "/"); }
- cookies = a_Cookies_get_query(url);
+ cookies = a_Cookies_get_query(url, requester);
 auth = a_Auth_get_auth_str(url); referer = Http_get_referer(url); if (URL_FLAGS(url) & URL_Post) {
@@ -365,7 +366,8 @@ static void Http_send_query(ChainLink *Info, SocketData_t *S) DataBuf *dbuf; /* Create the query */
- query = a_Http_make_query_str(S->web->url,S->flags & HTTP_SOCKET_USE_PROXY);
+ query = a_Http_make_query_str(S->web->url, S->web->requester,
+ S->flags & HTTP_SOCKET_USE_PROXY);
 dbuf = a_Chain_dbuf_new(query->str, query->len, 0); /* actually this message is sent too early.
@@ -300,7 +300,7 @@ static char *Capi_dpi_build_cmd(DilloWeb *web, char *server) if (strcmp(server, "proto.https") == 0) { /* Let's be kind and make the HTTP query string for the dpi */ char *proxy_connect = a_Http_make_connect_str(web->url);
- Dstr *http_query = a_Http_make_query_str(web->url, FALSE);
+ Dstr *http_query = a_Http_make_query_str(web->url, web->requester,FALSE);
 /* BUG: embedded NULLs in query data will truncate message */ /* BUG: WORKAROUND: request to only check the root URL's certificate.
diff --git a/src/cookies.c b/src/cookies.c
index 7b9062e2..53ff452e 100644
--- a/src/cookies.c
+++ b/src/cookies.c
@@ -179,7 +179,7 @@ void a_Cookies_set(Dlist *cookie_strings, const DilloUrl *set_url, /* * Return a string containing cookie data for an HTTP query. */
-char *a_Cookies_get_query(const DilloUrl *request_url)
+char *a_Cookies_get_query(const DilloUrl *query_url, const DilloUrl *requester)
 { char *cmd, *dpip_tag, *query; const char *path;
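Review bot: The header comment on a_Cookies_get_query() in src/cookies.c still says only "Return a string containing cookie data for an HTTP query", although the function now takes a second URL that decides whether any cookies are returned at all. Going by how the following hunk uses it, I would add a line such as `* 'requester' is the URL that caused this request, or NULL when the user made it directly; third-party requests get an empty string.` The function body continues outside this hunk.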
@@ -188,16 +188,31 @@ char *a_Cookies_get_query(const DilloUrl *request_url) if (disabled) return dStrdup("");
- action = Cookies_control_check(request_url);
+ action = Cookies_control_check(query_url);
 if (action == COOKIE_DENY) {
- _MSG("Cookies: denied GET for %s\n", URL_HOST_(request_url));
+ _MSG("Cookies: denied GET for %s\n", URL_HOST_(query_url));
 return dStrdup(""); }
- path = URL_PATH_(request_url);
+
+ if (requester == NULL) {
+ /* request made by user */
+ } else {
+ const char *req_host = URL_HOST(requester),
+ *req_suffix = a_Url_host_find_public_suffix(req_host),
+ *query_host = URL_HOST(query_url),
+ *query_suffix = a_Url_host_find_public_suffix(query_host);
+ if (dStrcasecmp(req_suffix, query_suffix)) {
+ MSG("Cookies: No cookies sent for third-party request by '%s' for "
+ "'%s'\n", req_host, URL_STR(query_url));
+ return dStrdup("");
+ }
+ }
+
+ path = URL_PATH_(query_url);
 cmd = a_Dpip_build_cmd("cmd=%s scheme=%s host=%s path=%s",
- "get_cookie", URL_SCHEME(request_url),
- URL_HOST(request_url), path ? path : "/");
+ "get_cookie", URL_SCHEME(query_url),
+ URL_HOST(query_url), path ? path : "/");
 /* Get the answer from cookies.dpi */ _MSG("cookies.c: a_Dpi_send_blocking_cmd cmd = {%s}\n", cmd);
diff --git a/src/cookies.h b/src/cookies.h
index d6ee1ccd..1cdb82ac 100644
--- a/src/cookies.h
+++ b/src/cookies.h
@@ -7,12 +7,13 @@ extern "C" { #ifdef DISABLE_COOKIES
-# define a_Cookies_get_query(url) dStrdup("")
+# define a_Cookies_get_query(url, requester) dStrdup("")
 # define a_Cookies_set() ; # define a_Cookies_init() ; # define a_Cookies_freeall() ; #else
- char *a_Cookies_get_query(const DilloUrl *request_url);
+ char *a_Cookies_get_query(const DilloUrl *query_url,
+ const DilloUrl *requester);
 void a_Cookies_set(Dlist *cookie_string, const DilloUrl *set_url, const char *server_date); void a_Cookies_init( void ); |
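Review bot: The third-party check in the a_Cookies_get_query() hunk of src/cookies.c fails open: when `requester` is NULL the empty branch falls through and cookies are sent, so the protection depends on every automatic load filling in `web->requester`, which this patch does not show. Writing the test as `if (requester != NULL) {` under a comment such as `/* NULL requester: the user asked for this URL directly, so it is first-party */` would make that contract visible. The results of `a_Url_host_find_public_suffix()` go straight into `dStrcasecmp()`; the helper is outside this diff, so it is worth confirming that it returns a usable string when the requester has an empty host. The new diagnostic is also the only one in this function that uses `MSG` rather than `_MSG` and prints `URL_STR(query_url)`; printing `query_host` instead would keep full request URLs, query strings included, out of the log. The function continues past the end of the hunk.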