From 49ce807e3cebf9f36fc908d7b7c0bfe00ce32e2c Mon Sep 17 00:00:00 2001
From: John Mark Bell <jmb@netsurf-browser.org>
Date: Fri, 1 Oct 2004 21:31:55 +0000
Subject: [project @ 2004-10-01 21:31:55 by jmb] A somewhat better
 implementation of referrers which no longer sends the referer if the URL
 schemes don't match.

Things to do:
1) Preservation of referer across redirects (see comment in browser.c:284)
2) GUI templates/code for configuration of referer sending (simple on/off toggle only)
3) Make referer sending when fetching objects/stylesheets for a page pay attention to option_send_referer?
4) Handle the case where the referer is in the form of http://moo:foo@mysite.com/ (ie the login details embedded in the referer - not good).

svn path=/import/netsurf/; revision=1297
---
 content/fetch.c | 38 +++++++++++++++++++++++++++++++++++---
 1 file changed, 35 insertions(+), 3 deletions(-)

(limited to 'content')

diff --git a/content/fetch.c b/content/fetch.c
index c072a1e5a..89351b452 100644
--- a/content/fetch.c
+++ b/content/fetch.c
@@ -228,6 +228,7 @@ struct fetch * fetch_start(char *url, char *referer,
 	CURLMcode codem;
 	struct curl_slist *slist;
 	url_func_result res;
+	char *ref1 = 0, *ref2 = 0;
 
 	fetch = malloc(sizeof (*fetch));
 	if (!fetch)
@@ -238,6 +239,18 @@ struct fetch * fetch_start(char *url, char *referer,
 	if (res == URL_FUNC_NOMEM)
 		goto failed;
 
+	res = url_scheme(url, &ref1);
+	/* we only fail memory exhaustion */
+	if (res == URL_FUNC_NOMEM)
+		goto failed;
+
+	if (referer) {
+		res = url_scheme(referer, &ref2);
+		/* we only fail memory exhaustion */
+		if (res == URL_FUNC_NOMEM)
+			goto failed;
+	}
+
 	LOG(("fetch %p, url '%s'", fetch, url));
 
 	/* construct a new fetch structure */
@@ -250,8 +263,11 @@ struct fetch * fetch_start(char *url, char *referer,
 	fetch->cookies = cookies;
 	fetch->url = strdup(url);
 	fetch->referer = 0;
-	if (referer)
-		fetch->referer = strdup(referer);
+	/* only send the referer if the schemes match */
+	if (referer) {
+		if (ref1 && ref2 && strcasecmp(ref1, ref2) == 0)
+			fetch->referer = strdup(referer);
+	}
 	fetch->p = p;
 	fetch->headers = 0;
 	fetch->host = host;
@@ -269,11 +285,23 @@ struct fetch * fetch_start(char *url, char *referer,
 	fetch->prev = 0;
 	fetch->next = 0;
 
-	if (!fetch->url || (referer && !fetch->referer) ||
+	if (!fetch->url || (referer &&
+			(ref1 && ref2 && strcasecmp(ref1, ref2) == 0) &&
+			!fetch->referer) ||
 			(post_urlenc && !fetch->post_urlenc) ||
 			(post_multipart && !fetch->post_multipart))
 		goto failed;
 
+	/* these aren't needed past here */
+	if (ref1) {
+		free(ref1);
+		ref1 = 0;
+	}
+	if (ref2) {
+		free(ref2);
+		ref2 = 0;
+	}
+
 #define APPEND(list, value) \
 	slist = curl_slist_append(list, value);		\
 	if (!slist)					\
@@ -336,6 +364,10 @@ struct fetch * fetch_start(char *url, char *referer,
 
 failed:
 	free(host);
+	if (ref1)
+		free(ref1);
+	if (ref2)
+		free(ref2);
 	free(fetch->url);
 	free(fetch->referer);
 	free(fetch->post_urlenc);
-- 
cgit v1.2.3