From 476caeec459ecdee0b4e56f77ce46f76dfbfc817 Mon Sep 17 00:00:00 2001
From: corvid <devnull@localhost>
Date: Mon, 29 Jun 2015 16:29:28 +0000
Subject: prefs.http_strict_transport_security

---
 dillorc            |  9 +++++++++
 src/cache.c        |  3 ++-
 src/hsts.c         | 26 +++++++++++++++-----------
 src/prefs.c        |  1 +
 src/prefs.h        |  1 +
 src/prefsparser.cc |  2 ++
 src/url.c          |  3 ++-
 7 files changed, 32 insertions(+), 13 deletions(-)

diff --git a/dillorc b/dillorc
index 18d52dd0..fb37a86f 100644
--- a/dillorc
+++ b/dillorc
@@ -189,6 +189,15 @@ search_url="Google http://www.google.com/search?ie=UTF-8&oe=UTF-8&q=%s"
 # page/image/stylesheet.
 #http_persistent_conns=NO
 
+# This mechanism allows servers to specify that they are only to be contacted
+# through HTTPS and not HTTP.
+#
+# On the whole, this is a valuable security measure against TLS stripping
+# attacks, etc., but in principle a site could contrive to use this as a
+# tracking mechanism. The term is "HSTS super cookie", although note that these
+* HSTS directives are not saved between browser sessions.
+#http_strict_transport_security=YES
+
 # Set the proxy information for http/https.
 # Note that the http_proxy environment variable overrides this setting.
 # WARNING: FTP and downloads plugins use wget. To use a proxy with them,
diff --git a/src/cache.c b/src/cache.c
index cc33db9c..b082ef89 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -722,7 +722,8 @@ static void Cache_parse_header(CacheEntry_t *entry)
       dFree(connection);
    }
 
-   if (!dStrAsciiCasecmp(URL_SCHEME(entry->Url), "https") &&
+   if (prefs.http_strict_transport_security &&
+       !dStrAsciiCasecmp(URL_SCHEME(entry->Url), "https") &&
        !a_Url_host_is_ip(URL_HOST(entry->Url)) &&
        (hsts = Cache_parse_field(header, "Strict-Transport-Security"))) {
       a_Hsts_set(hsts, entry->Url);
diff --git a/src/hsts.c b/src/hsts.c
index 5874e44f..ecbd9765 100644
--- a/src/hsts.c
+++ b/src/hsts.c
@@ -49,14 +49,16 @@ static void Hsts_free_policy(HstsData_t *p)
 
 void a_Hsts_freeall()
 {
-   HstsData_t *policy;
-   int i, n = dList_length(domains);
+   if (prefs.http_strict_transport_security) {
+      HstsData_t *policy;
+      int i, n = dList_length(domains);
 
-   for (i = 0; i < n; i++) {
-      policy = dList_nth_data(domains, i);
-      Hsts_free_policy(policy);
+      for (i = 0; i < n; i++) {
+         policy = dList_nth_data(domains, i);
+         Hsts_free_policy(policy);
+      }
+      dList_free(domains);
    }
-   dList_free(domains);
 }
 
 /*
@@ -349,12 +351,14 @@ static void Hsts_preload(FILE *stream)
 
 void a_Hsts_init(FILE *preload_file)
 {
-   struct tm future_tm = {7, 14, 3, 19, 0, 138, 0, 0, 0, 0, 0};
+   if (prefs.http_strict_transport_security) {
+      struct tm future_tm = {7, 14, 3, 19, 0, 138, 0, 0, 0, 0, 0};
 
-   hsts_latest_representable_time = mktime(&future_tm);
-   domains = dList_new(32);
+      hsts_latest_representable_time = mktime(&future_tm);
+      domains = dList_new(32);
 
-   if (preload_file)
-      Hsts_preload(preload_file);
+      if (preload_file)
+         Hsts_preload(preload_file);
+   }
 }
 
diff --git a/src/prefs.c b/src/prefs.c
index 65ebcdae..4ee65ba3 100644
--- a/src/prefs.c
+++ b/src/prefs.c
@@ -66,6 +66,7 @@ void a_Prefs_init(void)
    prefs.http_persistent_conns = FALSE;
    prefs.http_proxyuser = NULL;
    prefs.http_referer = dStrdup(PREFS_HTTP_REFERER);
+   prefs.http_strict_transport_security = TRUE;
    prefs.http_user_agent = dStrdup(PREFS_HTTP_USER_AGENT);
    prefs.limit_text_width = FALSE;
    prefs.adjust_min_width = TRUE;
diff --git a/src/prefs.h b/src/prefs.h
index ac52786e..d22ef656 100644
--- a/src/prefs.h
+++ b/src/prefs.h
@@ -94,6 +94,7 @@ typedef struct {
    bool_t load_stylesheets;
    bool_t parse_embedded_css;
    bool_t http_persistent_conns;
+   bool_t http_strict_transport_security;
    int32_t buffered_drawing;
    char *font_serif;
    char *font_sans_serif;
diff --git a/src/prefsparser.cc b/src/prefsparser.cc
index d01dcac5..a57a1642 100644
--- a/src/prefsparser.cc
+++ b/src/prefsparser.cc
@@ -171,6 +171,8 @@ void PrefsParser::parse(FILE *fp)
       { "http_proxy", &prefs.http_proxy, PREFS_URL, 0 },
       { "http_proxyuser", &prefs.http_proxyuser, PREFS_STRING, 0 },
       { "http_referer", &prefs.http_referer, PREFS_STRING, 0 },
+      { "http_strict_transport_security",&prefs.http_strict_transport_security,
+        PREFS_BOOL, 0 },
       { "http_user_agent", &prefs.http_user_agent, PREFS_STRING, 0 },
       { "limit_text_width", &prefs.limit_text_width, PREFS_BOOL, 0 },
       { "adjust_min_width", &prefs.adjust_min_width, PREFS_BOOL, 0 },
diff --git a/src/url.c b/src/url.c
index 124b9dcc..5ffe58fd 100644
--- a/src/url.c
+++ b/src/url.c
@@ -425,7 +425,8 @@ DilloUrl* a_Url_new(const char *url_str, const char *base_url)
     * A site's HTTP Strict Transport Security policy may direct us to transform
     * URLs like "http://en.wikipedia.org:80" to "https://en.wikipedia.org:443".
     */
-   if (url->scheme && !dStrAsciiCasecmp(url->scheme, "http") &&
+   if (prefs.http_strict_transport_security &&
+       url->scheme && !dStrAsciiCasecmp(url->scheme, "http") &&
        a_Hsts_require_https(a_Url_hostname(url))) {
       const char *const scheme = "https";
 
-- 
cgit v1.2.3