mirror of
https://github.com/gorhill/uMatrix.git
synced 2024-09-21 11:51:30 +12:00
code review: various fixes
- Ensure REFERER spoofing is always reported in logger - Fixed possible exception thrown when asynchronously reporting cookies
This commit is contained in:
parent
18ecb90bd0
commit
46669115dc
4 changed files with 15 additions and 15 deletions
|
@ -237,7 +237,6 @@ return {
|
||||||
cookieRemovedCounter: 0,
|
cookieRemovedCounter: 0,
|
||||||
localStorageRemovedCounter: 0,
|
localStorageRemovedCounter: 0,
|
||||||
cookieHeaderFoiledCounter: 0,
|
cookieHeaderFoiledCounter: 0,
|
||||||
refererHeaderFoiledCounter: 0,
|
|
||||||
hyperlinkAuditingFoiledCounter: 0,
|
hyperlinkAuditingFoiledCounter: 0,
|
||||||
browserCacheClearedCounter: 0,
|
browserCacheClearedCounter: 0,
|
||||||
storageUsed: 0,
|
storageUsed: 0,
|
||||||
|
|
|
@ -209,6 +209,7 @@ var recordPageCookie = (function() {
|
||||||
if ( pageStore.tabId === '' ) { continue; }
|
if ( pageStore.tabId === '' ) { continue; }
|
||||||
for ( let cookieKey of qentry[1] ) {
|
for ( let cookieKey of qentry[1] ) {
|
||||||
let cookieEntry = cookieDict.get(cookieKey);
|
let cookieEntry = cookieDict.get(cookieKey);
|
||||||
|
if ( cookieEntry === undefined ) { continue; }
|
||||||
let block = µm.mustBlock(
|
let block = µm.mustBlock(
|
||||||
pageStore.pageHostname,
|
pageStore.pageHostname,
|
||||||
cookieEntry.hostname,
|
cookieEntry.hostname,
|
||||||
|
|
|
@ -123,6 +123,7 @@ PageStore.prototype = {
|
||||||
this.distinctRequestCount = 0;
|
this.distinctRequestCount = 0;
|
||||||
this.perLoadAllowedRequestCount = 0;
|
this.perLoadAllowedRequestCount = 0;
|
||||||
this.perLoadBlockedRequestCount = 0;
|
this.perLoadBlockedRequestCount = 0;
|
||||||
|
this.perLoadBlockedReferrerCount = 0;
|
||||||
this.has3pReferrer = false;
|
this.has3pReferrer = false;
|
||||||
this.hasMixedContent = false;
|
this.hasMixedContent = false;
|
||||||
this.hasNoscriptTags = false;
|
this.hasNoscriptTags = false;
|
||||||
|
|
|
@ -182,7 +182,7 @@ var onBeforeRequestHandler = function(details) {
|
||||||
// Sanitize outgoing headers as per user settings.
|
// Sanitize outgoing headers as per user settings.
|
||||||
|
|
||||||
var onBeforeSendHeadersHandler = function(details) {
|
var onBeforeSendHeadersHandler = function(details) {
|
||||||
var µm = µMatrix,
|
let µm = µMatrix,
|
||||||
µmuri = µm.URI,
|
µmuri = µm.URI,
|
||||||
requestURL = details.url,
|
requestURL = details.url,
|
||||||
requestScheme = µmuri.schemeFromURI(requestURL);
|
requestScheme = µmuri.schemeFromURI(requestURL);
|
||||||
|
@ -197,11 +197,10 @@ var onBeforeSendHeadersHandler = function(details) {
|
||||||
// to scope on unknown scheme? Etc.
|
// to scope on unknown scheme? Etc.
|
||||||
// https://github.com/gorhill/httpswitchboard/issues/191
|
// https://github.com/gorhill/httpswitchboard/issues/191
|
||||||
// https://github.com/gorhill/httpswitchboard/issues/91#issuecomment-37180275
|
// https://github.com/gorhill/httpswitchboard/issues/91#issuecomment-37180275
|
||||||
var tabId = details.tabId,
|
let tabId = details.tabId,
|
||||||
pageStore = µm.mustPageStoreFromTabId(tabId),
|
pageStore = µm.mustPageStoreFromTabId(tabId),
|
||||||
requestType = requestTypeNormalizer[details.type] || 'other',
|
requestType = requestTypeNormalizer[details.type] || 'other',
|
||||||
requestHeaders = details.requestHeaders,
|
requestHeaders = details.requestHeaders;
|
||||||
headerIndex, headerValue;
|
|
||||||
|
|
||||||
// https://github.com/gorhill/httpswitchboard/issues/342
|
// https://github.com/gorhill/httpswitchboard/issues/342
|
||||||
// Is this hyperlink auditing?
|
// Is this hyperlink auditing?
|
||||||
|
@ -224,9 +223,9 @@ var onBeforeSendHeadersHandler = function(details) {
|
||||||
// With hyperlink-auditing, removing header(s) is pointless, the whole
|
// With hyperlink-auditing, removing header(s) is pointless, the whole
|
||||||
// request must be cancelled.
|
// request must be cancelled.
|
||||||
|
|
||||||
headerIndex = headerIndexFromName('ping-to', requestHeaders);
|
let headerIndex = headerIndexFromName('ping-to', requestHeaders);
|
||||||
if ( headerIndex !== -1 ) {
|
if ( headerIndex !== -1 ) {
|
||||||
headerValue = requestHeaders[headerIndex].value;
|
let headerValue = requestHeaders[headerIndex].value;
|
||||||
if ( headerValue !== '' ) {
|
if ( headerValue !== '' ) {
|
||||||
var block = µm.userSettings.processHyperlinkAuditing;
|
var block = µm.userSettings.processHyperlinkAuditing;
|
||||||
pageStore.recordRequest('other', requestURL + '{Ping-To:' + headerValue + '}', block);
|
pageStore.recordRequest('other', requestURL + '{Ping-To:' + headerValue + '}', block);
|
||||||
|
@ -241,7 +240,7 @@ var onBeforeSendHeadersHandler = function(details) {
|
||||||
// If we reach this point, request is not blocked, so what is left to do
|
// If we reach this point, request is not blocked, so what is left to do
|
||||||
// is to sanitize headers.
|
// is to sanitize headers.
|
||||||
|
|
||||||
var rootHostname = pageStore.pageHostname,
|
let rootHostname = pageStore.pageHostname,
|
||||||
requestHostname = µmuri.hostnameFromURI(requestURL),
|
requestHostname = µmuri.hostnameFromURI(requestURL),
|
||||||
modified = false;
|
modified = false;
|
||||||
|
|
||||||
|
@ -253,7 +252,7 @@ var onBeforeSendHeadersHandler = function(details) {
|
||||||
µm.mustBlock(rootHostname, requestHostname, 'cookie')
|
µm.mustBlock(rootHostname, requestHostname, 'cookie')
|
||||||
) {
|
) {
|
||||||
modified = true;
|
modified = true;
|
||||||
headerValue = requestHeaders[headerIndex].value;
|
let headerValue = requestHeaders[headerIndex].value;
|
||||||
requestHeaders.splice(headerIndex, 1);
|
requestHeaders.splice(headerIndex, 1);
|
||||||
µm.cookieHeaderFoiledCounter++;
|
µm.cookieHeaderFoiledCounter++;
|
||||||
if ( requestType === 'doc' ) {
|
if ( requestType === 'doc' ) {
|
||||||
|
@ -284,28 +283,28 @@ var onBeforeSendHeadersHandler = function(details) {
|
||||||
|
|
||||||
headerIndex = headerIndexFromName('referer', requestHeaders);
|
headerIndex = headerIndexFromName('referer', requestHeaders);
|
||||||
if ( headerIndex !== -1 ) {
|
if ( headerIndex !== -1 ) {
|
||||||
headerValue = requestHeaders[headerIndex].value;
|
let headerValue = requestHeaders[headerIndex].value;
|
||||||
if ( headerValue !== '' ) {
|
if ( headerValue !== '' ) {
|
||||||
var toDomain = µmuri.domainFromHostname(requestHostname);
|
let toDomain = µmuri.domainFromHostname(requestHostname);
|
||||||
if ( toDomain !== '' && toDomain !== µmuri.domainFromURI(headerValue) ) {
|
if ( toDomain !== '' && toDomain !== µmuri.domainFromURI(headerValue) ) {
|
||||||
pageStore.has3pReferrer = true;
|
pageStore.has3pReferrer = true;
|
||||||
if ( µm.tMatrix.evaluateSwitchZ('referrer-spoof', rootHostname) ) {
|
if ( µm.tMatrix.evaluateSwitchZ('referrer-spoof', rootHostname) ) {
|
||||||
modified = true;
|
modified = true;
|
||||||
var newValue;
|
let newValue;
|
||||||
if ( details.method === 'GET' ) {
|
if ( details.method === 'GET' ) {
|
||||||
newValue = requestHeaders[headerIndex].value =
|
newValue = requestHeaders[headerIndex].value =
|
||||||
requestScheme + '://' + requestHostname + '/';
|
requestScheme + '://' + requestHostname + '/';
|
||||||
} else {
|
} else {
|
||||||
requestHeaders.splice(headerIndex, 1);
|
requestHeaders.splice(headerIndex, 1);
|
||||||
}
|
}
|
||||||
µm.refererHeaderFoiledCounter++;
|
if ( pageStore.perLoadBlockedReferrerCount === 0 ) {
|
||||||
if ( requestType === 'doc' ) {
|
pageStore.perLoadBlockedRequestCount += 1;
|
||||||
pageStore.perLoadBlockedRequestCount++;
|
|
||||||
µm.logger.writeOne(tabId, 'net', '', headerValue, 'REFERER', true);
|
µm.logger.writeOne(tabId, 'net', '', headerValue, 'REFERER', true);
|
||||||
if ( newValue !== undefined ) {
|
if ( newValue !== undefined ) {
|
||||||
µm.logger.writeOne(tabId, 'net', '', newValue, 'REFERER', false);
|
µm.logger.writeOne(tabId, 'net', '', newValue, 'REFERER', false);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
pageStore.perLoadBlockedReferrerCount += 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue