From 750b68fa2434e611f2382a7ef1d70c7831aa879d Mon Sep 17 00:00:00 2001 From: Kuba Orlik Date: Sun, 16 May 2021 07:54:41 +0200 Subject: [PATCH] checkpoint --- problematic.js | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/problematic.js b/problematic.js index da7b8ff..060c452 100644 --- a/problematic.js +++ b/problematic.js @@ -1,12 +1,21 @@ console.log("PROBLEMATIC REQUESTS"); -const isThirdParty = (arg) => arg.urlClassification.thirdParty.length > 0; +// const isThirdParty = (arg) => arg.urlClassification.thirdParty.length > 0; +async function isThirdParty(request) { + const request_url = new URL(request.url); + const origin_url = new URL(await getOrigin(request)); + return ( + request_url.origin != origin_url.origin || + request.urlClassification.thirdParty.length > 0 + ); +} const hasCookie = (arg) => arg.requestHeaders.some((h) => h.name === "Cookie"); const hasReferer = (arg) => arg.requestHeaders.some((h) => h.name === "Referer"); const getReferer = (arg) => arg.requestHeaders.filter((h) => h.name === "Referer")[0].value; + const getOrigin = async (arg) => { let url; if (arg.tabId) { @@ -16,24 +25,29 @@ const getOrigin = async (arg) => { url = arg.frameAncestors[0].url; } - return new URL(url).host; + return url; }; const exposesOrigin = async (arg) => { - return getReferer(arg).includes(await getOrigin(arg)); + return getReferer(arg).includes(new URL(await getOrigin(arg)).host); }; browser.webRequest.onBeforeSendHeaders.addListener( async (request) => { - // console.log(request.url, request.tabId); if ( - isThirdParty(request) && + (await isThirdParty(request)) && hasReferer(request) && (await exposesOrigin(request)) ) { const has_cookie = hasCookie(request); fn = has_cookie ? console.warn : console.log; - fn("Leaked referrer! Has cookie:", hasCookie(request), request.url); + fn( + "Leaked referrer! Has cookie:", + hasCookie(request), + request.url, + "referer was", + getReferer(request) + ); } }, { urls: [""] },