checkpoint

problematic.js

@@ -1,12 +1,21 @@
 console.log("PROBLEMATIC REQUESTS");
 
-const isThirdParty = (arg) => arg.urlClassification.thirdParty.length > 0;
+// const isThirdParty = (arg) => arg.urlClassification.thirdParty.length > 0;
+async function isThirdParty(request) {
+  const request_url = new URL(request.url);
+  const origin_url = new URL(await getOrigin(request));
+  return (
+    request_url.origin != origin_url.origin ||
+    request.urlClassification.thirdParty.length > 0
+  );
+}
 const hasCookie = (arg) => arg.requestHeaders.some((h) => h.name === "Cookie");
 const hasReferer = (arg) =>
   arg.requestHeaders.some((h) => h.name === "Referer");
 
 const getReferer = (arg) =>
   arg.requestHeaders.filter((h) => h.name === "Referer")[0].value;
+
 const getOrigin = async (arg) => {
   let url;
   if (arg.tabId) {
@@ -16,24 +25,29 @@ const getOrigin = async (arg) => {
     url = arg.frameAncestors[0].url;
   }
 
-  return new URL(url).host;
+  return url;
 };
 
 const exposesOrigin = async (arg) => {
-  return getReferer(arg).includes(await getOrigin(arg));
+  return getReferer(arg).includes(new URL(await getOrigin(arg)).host);
 };
 
 browser.webRequest.onBeforeSendHeaders.addListener(
   async (request) => {
-    // console.log(request.url, request.tabId);
     if (
-      isThirdParty(request) &&
+      (await isThirdParty(request)) &&
       hasReferer(request) &&
       (await exposesOrigin(request))
     ) {
       const has_cookie = hasCookie(request);
       fn = has_cookie ? console.warn : console.log;
-      fn("Leaked referrer! Has cookie:", hasCookie(request), request.url);
+      fn(
+        "Leaked referrer! Has cookie:",
+        hasCookie(request),
+        request.url,
+        "referer was",
+        getReferer(request)
+      );
     }
   },
   { urls: ["<all_urls>"] },