Skip to content
Snippets Groups Projects
Verified Commit 535d04e9 authored by Thomas Rientjes's avatar Thomas Rientjes
Browse files

Implement cookie sanitation

parent 34400054
No related branches found
No related tags found
No related merge requests found
......@@ -8,6 +8,7 @@
"globals": {
"Address": true,
"files": true,
"Header": true,
"helpers": true,
"interceptor": true,
"mappings": true,
......
......@@ -27,6 +27,12 @@ const Address = {
'WWW_PREFIX': 'www.'
};
const Header = {
'COOKIE': 'Cookie',
'ORIGIN': 'Origin',
'REFERER': 'Referer'
};
const Resource = {
'MAPPING_EXPRESSION': /\.map$/i,
'VERSION_EXPRESSION': /(?:\d{1,2}\.){1,3}\d{1,2}/,
......@@ -46,9 +52,7 @@ const Setting = {
const WebRequest = {
'GET': 'GET',
'BLOCKING': 'blocking',
'HEADERS': 'requestHeaders',
'ORIGIN_HEADER': 'Origin',
'REFERER_HEADER': 'Referer'
'HEADERS': 'requestHeaders'
};
const Whitelist = {
......
......@@ -47,11 +47,11 @@ requestSanitizer.disable = function () {
requestSanitizer._stripMetadata = function (requestDetails) {
let sensitiveHeaders = [Header.COOKIE, Header.ORIGIN, Header.REFERER];
for (let i = 0; i < requestDetails.requestHeaders.length; ++i) {
if (requestDetails.requestHeaders[i].name === WebRequest.ORIGIN_HEADER) {
requestDetails.requestHeaders.splice(i--, 1);
} else if (requestDetails.requestHeaders[i].name === WebRequest.REFERER_HEADER) {
if (sensitiveHeaders.indexOf(requestDetails.requestHeaders[i].name) > -1) {
requestDetails.requestHeaders.splice(i--, 1);
}
}
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment