Verified Commit cf21afe8 authored by Thomas Rientjes's avatar Thomas Rientjes

Implement cookie and origin sanitation

parent c9fc15e7
......@@ -85,8 +85,10 @@ var Interceptor = new Class({
return;
}
// Remove referer header from request.
// Remove sensitive headers from the request.
httpChannel.setRequestHeader('Referer', null, false);
httpChannel.setRequestHeader('Origin', null, false);
httpChannel.setRequestHeader('Cookie', null, false);
// Convert the original request URI to a local target.
target = requestAnalyzer.getLocalTarget(httpChannel.URI.host, httpChannel.URI.path);
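Review bot: The three `setRequestHeader(..., null, false)` calls added here are repeated verbatim in the `isValidCandidate` hunk of this commit, so the list of stripped headers now lives in two places and can drift; a header added to one path later would still be sent on the other. Consider one shared helper that both sites call, for example `['Referer', 'Origin', 'Cookie'].forEach(function (name) { httpChannel.setRequestHeader(name, null, false); });`. The new comment would also help more if it named the headers and the reason, e.g. `// Strip Referer, Origin and Cookie so the request carries no page or session identifiers.` The enclosing function starts and ends outside the hunk, so whether an earlier path returns before the headers are stripped cannot be checked from here.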
......
......@@ -78,8 +78,11 @@ exports.isValidCandidate = function (httpChannel) {
// If the request initiator could be determined and is whitelisted.
if (initiatorDomain && whitelistedDomains[_normalizeDomain(initiatorDomain)]) {
// Remove referer header from request.
// Remove sensitive headers from the request.
httpChannel.setRequestHeader('Referer', null, false);
httpChannel.setRequestHeader('Origin', null, false);
httpChannel.setRequestHeader('Cookie', null, false);
return false;
}
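Review bot: `isValidCandidate` reads as a predicate, but the whitelisted branch now rewrites three request headers before `return false`, which a caller will not expect from a validity check. If `false` means the request is left to reach the remote host (inferred from the name and the whitelist comment, not visible here), stripping `Origin` there may break CORS-mode loads such as fonts or `crossorigin` scripts on servers that only send `Access-Control-Allow-Origin` when the header is present, so this path deserves a test on a whitelisted site. At minimum document the side effect, e.g. `// Side effect: whitelisted requests are not intercepted, but are sent without Referer, Origin and Cookie.`, or move the header stripping to the caller. The function body continues outside the hunk.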
......