From 535d04e92413fee2f5ef98c177d94235a002c579 Mon Sep 17 00:00:00 2001
From: Thomas Rientjes <synzvato@protonmail.com>
Date: Thu, 11 Jan 2018 18:29:53 -0300
Subject: [PATCH] Implement cookie sanitation
---
 .eslintrc | 1 +
 core/constants.js | 10 +++++++---
 core/request-sanitizer.js | 6 +++---
 3 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/.eslintrc b/.eslintrc
index 8e8ecee..602bd64 100644
--- a/.eslintrc
+++ b/.eslintrc
@@ -8,6 +8,7 @@
 "globals": {
 "Address": true,
 "files": true,
+ "Header": true,
 "helpers": true,
 "interceptor": true,
 "mappings": true,
diff --git a/core/constants.js b/core/constants.js
index 1d4de9e..86e5754 100644
--- a/core/constants.js
+++ b/core/constants.js
@@ -27,6 +27,12 @@ const Address = {
 'WWW_PREFIX': 'www.'
 };
+const Header = {
+ 'COOKIE': 'Cookie',
+ 'ORIGIN': 'Origin',
+ 'REFERER': 'Referer'
+};
+
 const Resource = {
 'MAPPING_EXPRESSION': /\.map$/i,
 'VERSION_EXPRESSION': /(?:\d{1,2}\.){1,3}\d{1,2}/,
@@ -46,9 +52,7 @@ const Setting = {
 const WebRequest = {
 'GET': 'GET',
 'BLOCKING': 'blocking',
- 'HEADERS': 'requestHeaders',
- 'ORIGIN_HEADER': 'Origin',
- 'REFERER_HEADER': 'Referer'
+ 'HEADERS': 'requestHeaders'
 };
 const Whitelist = {
diff --git a/core/request-sanitizer.js b/core/request-sanitizer.js
index a28799f..8a76e67 100644
--- a/core/request-sanitizer.js
+++ b/core/request-sanitizer.js
@@ -47,11 +47,11 @@ requestSanitizer.disable = function () {
 requestSanitizer._stripMetadata = function (requestDetails) {
+ let sensitiveHeaders = [Header.COOKIE, Header.ORIGIN, Header.REFERER];
+
 for (let i = 0; i < requestDetails.requestHeaders.length; ++i) {
- if (requestDetails.requestHeaders[i].name === WebRequest.ORIGIN_HEADER) {
- requestDetails.requestHeaders.splice(i--, 1);
- } else if (requestDetails.requestHeaders[i].name === WebRequest.REFERER_HEADER) {
+ if (sensitiveHeaders.indexOf(requestDetails.requestHeaders[i].name) > -1) {
 requestDetails.requestHeaders.splice(i--, 1);
 }
 }
-- 
GitLab
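Review bot: In core/constants.js, removing `ORIGIN_HEADER` and `REFERER_HEADER` from `WebRequest` (second hunk) fails silently for any caller that was not migrated. A leftover `WebRequest.REFERER_HEADER` evaluates to `undefined`, so a `name === ...` comparison never matches and the header stops being stripped without any error. This patch updates only `requestSanitizer._stripMetadata`, so it is worth confirming that no other file still reads the old keys before merging.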
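Review bot: The membership test in `requestSanitizer._stripMetadata` (core/request-sanitizer.js) compares header names case-sensitively, so it only matches the exact spellings `Cookie`, `Origin` and `Referer`; HTTP header names are case-insensitive, and an entry reported as `cookie` or `referer` would pass through unstripped. Normalising both sides closes that gap, e.g. `let name = requestDetails.requestHeaders[i].name.toLowerCase();` followed by `if (sensitiveHeaders.some((header) => header.toLowerCase() === name)) {`. The listener registration is not part of this diff, but on current Chromium-based browsers `Cookie`, `Referer` and `Origin` are only exposed to `onBeforeSendHeaders` when `'extraHeaders'` is included in the extra info spec, so without it this loop would find nothing to remove there. The function body continues past the end of the hunk, so how the modified headers are returned is not visible here.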