Verified Commit 535d04e9 authored by Thomas Rientjes's avatar Thomas Rientjes

Implement cookie sanitation

parent 34400054
...@@ -8,6 +8,7 @@ ...@@ -8,6 +8,7 @@
"globals": { "globals": {
"Address": true, "Address": true,
"files": true, "files": true,
"Header": true,
"helpers": true, "helpers": true,
"interceptor": true, "interceptor": true,
"mappings": true, "mappings": true,
......
...@@ -27,6 +27,12 @@ const Address = { ...@@ -27,6 +27,12 @@ const Address = {
'WWW_PREFIX': 'www.' 'WWW_PREFIX': 'www.'
}; };
const Header = {
'COOKIE': 'Cookie',
'ORIGIN': 'Origin',
'REFERER': 'Referer'
};
const Resource = { const Resource = {
'MAPPING_EXPRESSION': /\.map$/i, 'MAPPING_EXPRESSION': /\.map$/i,
'VERSION_EXPRESSION': /(?:\d{1,2}\.){1,3}\d{1,2}/, 'VERSION_EXPRESSION': /(?:\d{1,2}\.){1,3}\d{1,2}/,
...@@ -46,9 +52,7 @@ const Setting = { ...@@ -46,9 +52,7 @@ const Setting = {
const WebRequest = { const WebRequest = {
'GET': 'GET', 'GET': 'GET',
'BLOCKING': 'blocking', 'BLOCKING': 'blocking',
'HEADERS': 'requestHeaders', 'HEADERS': 'requestHeaders'
'ORIGIN_HEADER': 'Origin',
'REFERER_HEADER': 'Referer'
}; };
const Whitelist = { const Whitelist = {
......
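Review bot: The new `Header` table at the top of the hunk carries no comment, and now that `WebRequest.ORIGIN_HEADER` and `WebRequest.REFERER_HEADER` are removed from the table below it, nothing in this constants file says why these three names are grouped together. A one-line comment above it, `// Request header names removed by requestSanitizer._stripMetadata.`, would tie the table to its single consumer in this commit. If any other file still references the two removed `WebRequest` keys, those reads now yield `undefined`; that cannot be confirmed from the hunks shown.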
...@@ -47,11 +47,11 @@ requestSanitizer.disable = function () { ...@@ -47,11 +47,11 @@ requestSanitizer.disable = function () {
requestSanitizer._stripMetadata = function (requestDetails) { requestSanitizer._stripMetadata = function (requestDetails) {
let sensitiveHeaders = [Header.COOKIE, Header.ORIGIN, Header.REFERER];
for (let i = 0; i < requestDetails.requestHeaders.length; ++i) { for (let i = 0; i < requestDetails.requestHeaders.length; ++i) {
if (requestDetails.requestHeaders[i].name === WebRequest.ORIGIN_HEADER) { if (sensitiveHeaders.indexOf(requestDetails.requestHeaders[i].name) > -1) {
requestDetails.requestHeaders.splice(i--, 1);
} else if (requestDetails.requestHeaders[i].name === WebRequest.REFERER_HEADER) {
requestDetails.requestHeaders.splice(i--, 1); requestDetails.requestHeaders.splice(i--, 1);
} }
} }
......
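Review bot: The membership test on the new `if` line compares header names case-sensitively, so a header reported as `cookie` or `origin` instead of `Cookie`/`Origin` would survive the sweep; HTTP header names are case-insensitive and the webRequest API is not guaranteed to hand them over in canonical capitalization, which is exactly the gap a sanitizer should not have. Normalize both sides: `let sensitiveHeaders = [Header.COOKIE, Header.ORIGIN, Header.REFERER].map((h) => h.toLowerCase());` and `if (sensitiveHeaders.indexOf(requestDetails.requestHeaders[i].name.toLowerCase()) > -1) {`. The list is also rebuilt on every request and never reassigned, so it could be a `const` hoisted to module scope, and `includes(...)` reads more clearly than `indexOf(...) > -1`. `_stripMetadata` continues past the end of the hunk, so the return of the modified headers is not visible here.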