From 9ac8433e6d270ae71ab180aeed613ac6bee135cf Mon Sep 17 00:00:00 2001
From: Christian Dywan <christian@twotoasts.de>
Date: Fri, 15 Apr 2011 00:49:39 +0200
Subject: [PATCH] Strip referrer details sent to external sites

This new feature strips, if enabled, the path and query from
the 'Referer' header when switching to external sites. It
doesn't affect internal links, which is why websites testing
for this feature may falsely assert it's not working.

The feature is automatically enabled in private mode.
---
 midori/main.c               | 28 +++++++++++++++++++++++++++-
 midori/midori-websettings.c | 27 ++++++++++++++++++++++++++-
 2 files changed, 53 insertions(+), 2 deletions(-)

diff --git a/midori/main.c b/midori/main.c
index 63bbf788..132b72e4 100644
--- a/midori/main.c
+++ b/midori/main.c
@@ -801,7 +801,10 @@ midori_browser_privacy_preferences_cb (MidoriBrowser*    browser,
     katze_preferences_add_widget (preferences, button, "indented");
     #endif
     #endif
-    katze_preferences_add_group (preferences, _("History"));
+    #if HAVE_LIBSOUP_2_27_90
+    button = katze_property_proxy (settings, "strip-referer", NULL);
+    katze_preferences_add_widget (preferences, button, "indented");
+    #endif
     button = katze_property_label (settings, "maximum-history-age");
     katze_preferences_add_widget (preferences, button, "indented");
     button = katze_property_proxy (settings, "maximum-history-age", NULL);
@@ -996,6 +999,28 @@ midori_soup_session_settings_accept_language_cb (SoupSession*       session,
         g_free (languages);
     soup_message_headers_append (msg->request_headers, "Accept-Language", accpt);
     g_free (accpt);
+
+    #if HAVE_LIBSOUP_2_27_90
+    if (katze_object_get_boolean (settings, "strip-referer"))
+    {
+        const gchar* referer
+            = soup_message_headers_get_one (msg->request_headers, "Referer");
+        SoupURI* destination = soup_message_get_uri (msg);
+        if (referer && destination && !strstr (referer, destination->host))
+        {
+            SoupURI* stripped_uri = soup_uri_new (referer);
+            gchar* stripped_referer;
+            soup_uri_set_path (stripped_uri, NULL);
+            soup_uri_set_query (stripped_uri, NULL);
+            stripped_referer = soup_uri_to_string (stripped_uri, FALSE);
+            soup_uri_free (stripped_uri);
+            g_message ("Referer stripped");
+            soup_message_headers_replace (msg->request_headers, "Referer",
+                                          stripped_referer);
+            g_free (stripped_referer);
+        }
+    }
+    #endif
 }
 
 static void
@@ -2195,6 +2220,7 @@ main (int    argc,
             #if WEBKIT_CHECK_VERSION (1, 3, 13)
             g_object_set (settings, "enable-dns-prefetching", FALSE, NULL);
             #endif
+            g_object_set (settings, "strip-referer", TRUE, NULL);
             midori_browser_set_action_visible (browser, "Tools", FALSE);
             midori_browser_set_action_visible (browser, "ClearPrivateData", FALSE);
         }
diff --git a/midori/midori-websettings.c b/midori/midori-websettings.c
index 69cf1c28..d0983bff 100644
--- a/midori/midori-websettings.c
+++ b/midori/midori-websettings.c
@@ -86,6 +86,7 @@ struct _MidoriWebSettings
 
     gint clear_private_data;
     gchar* clear_data;
+    gboolean strip_referer;
 };
 
 struct _MidoriWebSettingsClass
@@ -168,7 +169,8 @@ enum
     PROP_PREFERRED_LANGUAGES,
 
     PROP_CLEAR_PRIVATE_DATA,
-    PROP_CLEAR_DATA
+    PROP_CLEAR_DATA,
+    PROP_STRIP_REFERER
 };
 
 GType
@@ -1100,6 +1102,23 @@ midori_web_settings_class_init (MidoriWebSettingsClass* class)
                                      _("The data selected for deletion"),
                                      NULL,
                                      flags));
+    /**
+     * MidoriWebSettings:strip-referer:
+     *
+     * Whether to strip referrer details sent to external sites.
+     *
+     * Since: 0.3.4
+     */
+    g_object_class_install_property (gobject_class,
+                                     PROP_STRIP_REFERER,
+                                     g_param_spec_boolean (
+                                     "strip-referer",
+    /* i18n: Reworded: Shorten details propagated when going to another page */
+        _("Strip referrer details sent to external sites"),
+    /* i18n: Referer here is not a typo but a technical term */
+        _("Whether the \"Referer\" header should be shortened to the hostname"),
+                                     FALSE,
+                                     flags));
 
 }
 
@@ -1518,6 +1537,9 @@ midori_web_settings_set_property (GObject*      object,
     case PROP_CLEAR_DATA:
         katze_assign (web_settings->clear_data, g_value_dup_string (value));
         break;
+    case PROP_STRIP_REFERER:
+        web_settings->strip_referer = g_value_get_boolean (value);
+        break;
     default:
         G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
         break;
@@ -1749,6 +1771,9 @@ midori_web_settings_get_property (GObject*    object,
     case PROP_CLEAR_DATA:
         g_value_set_string (value, web_settings->clear_data);
         break;
+    case PROP_STRIP_REFERER:
+        g_value_set_boolean (value, web_settings->strip_referer);
+        break;
     default:
         G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
         break;