Microsoft has acquired GitHub. Decentraleyes has left GitHub. Welcome to its new home!

To participate, please register, or sign in with an existing GitLab.com, Bitbucket, or GitHub account.

Past contributions on GitHub? Be sure to reclaim your Comments, Issues, and Pull Requests.

Commit 535d04e9 authored by Thomas Rientjes's avatar Thomas Rientjes

Implement cookie sanitation

parent 34400054
......@@ -8,6 +8,7 @@
"globals": {
"Address": true,
"files": true,
"Header": true,
"helpers": true,
"interceptor": true,
"mappings": true,
......
......@@ -27,6 +27,12 @@ const Address = {
'WWW_PREFIX': 'www.'
};
const Header = {
'COOKIE': 'Cookie',
'ORIGIN': 'Origin',
'REFERER': 'Referer'
};
const Resource = {
'MAPPING_EXPRESSION': /\.map$/i,
'VERSION_EXPRESSION': /(?:\d{1,2}\.){1,3}\d{1,2}/,
......@@ -46,9 +52,7 @@ const Setting = {
const WebRequest = {
'GET': 'GET',
'BLOCKING': 'blocking',
'HEADERS': 'requestHeaders',
'ORIGIN_HEADER': 'Origin',
'REFERER_HEADER': 'Referer'
'HEADERS': 'requestHeaders'
};
const Whitelist = {
......
......@@ -47,11 +47,11 @@ requestSanitizer.disable = function () {
requestSanitizer._stripMetadata = function (requestDetails) {
let sensitiveHeaders = [Header.COOKIE, Header.ORIGIN, Header.REFERER];
for (let i = 0; i < requestDetails.requestHeaders.length; ++i) {
if (requestDetails.requestHeaders[i].name === WebRequest.ORIGIN_HEADER) {
requestDetails.requestHeaders.splice(i--, 1);
} else if (requestDetails.requestHeaders[i].name === WebRequest.REFERER_HEADER) {
if (sensitiveHeaders.indexOf(requestDetails.requestHeaders[i].name) > -1) {
requestDetails.requestHeaders.splice(i--, 1);
}
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment