Verified Commit 535d04e9 authored by Thomas Rientjes's avatar Thomas Rientjes

Implement cookie sanitation

parent 34400054
......@@ -8,6 +8,7 @@
"globals": {
"Address": true,
"files": true,
"Header": true,
"helpers": true,
"interceptor": true,
"mappings": true,
......
......@@ -27,6 +27,12 @@ const Address = {
'WWW_PREFIX': 'www.'
};
const Header = {
'COOKIE': 'Cookie',
'ORIGIN': 'Origin',
'REFERER': 'Referer'
};
const Resource = {
'MAPPING_EXPRESSION': /\.map$/i,
'VERSION_EXPRESSION': /(?:\d{1,2}\.){1,3}\d{1,2}/,
......@@ -46,9 +52,7 @@ const Setting = {
const WebRequest = {
'GET': 'GET',
'BLOCKING': 'blocking',
'HEADERS': 'requestHeaders',
'ORIGIN_HEADER': 'Origin',
'REFERER_HEADER': 'Referer'
'HEADERS': 'requestHeaders'
};
const Whitelist = {
......
......@@ -47,11 +47,11 @@ requestSanitizer.disable = function () {
requestSanitizer._stripMetadata = function (requestDetails) {
let sensitiveHeaders = [Header.COOKIE, Header.ORIGIN, Header.REFERER];
for (let i = 0; i < requestDetails.requestHeaders.length; ++i) {
if (requestDetails.requestHeaders[i].name === WebRequest.ORIGIN_HEADER) {
requestDetails.requestHeaders.splice(i--, 1);
} else if (requestDetails.requestHeaders[i].name === WebRequest.REFERER_HEADER) {
if (sensitiveHeaders.indexOf(requestDetails.requestHeaders[i].name) > -1) {
requestDetails.requestHeaders.splice(i--, 1);
}
}
......