Strip referrer details sent to external sites
This new feature strips, if enabled, the path and query from the 'Referer' header when switching to external sites. It doesn't affect internal links, which is why websites testing for this feature may falsely assert it's not working. The feature is automatically enabled in private mode.
This commit is contained in:
parent
e18a2c8001
commit
9ac8433e6d
2 changed files with 53 additions and 2 deletions
|
@ -801,7 +801,10 @@ midori_browser_privacy_preferences_cb (MidoriBrowser* browser,
|
||||||
katze_preferences_add_widget (preferences, button, "indented");
|
katze_preferences_add_widget (preferences, button, "indented");
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
katze_preferences_add_group (preferences, _("History"));
|
#if HAVE_LIBSOUP_2_27_90
|
||||||
|
button = katze_property_proxy (settings, "strip-referer", NULL);
|
||||||
|
katze_preferences_add_widget (preferences, button, "indented");
|
||||||
|
#endif
|
||||||
button = katze_property_label (settings, "maximum-history-age");
|
button = katze_property_label (settings, "maximum-history-age");
|
||||||
katze_preferences_add_widget (preferences, button, "indented");
|
katze_preferences_add_widget (preferences, button, "indented");
|
||||||
button = katze_property_proxy (settings, "maximum-history-age", NULL);
|
button = katze_property_proxy (settings, "maximum-history-age", NULL);
|
||||||
|
@ -996,6 +999,28 @@ midori_soup_session_settings_accept_language_cb (SoupSession* session,
|
||||||
g_free (languages);
|
g_free (languages);
|
||||||
soup_message_headers_append (msg->request_headers, "Accept-Language", accpt);
|
soup_message_headers_append (msg->request_headers, "Accept-Language", accpt);
|
||||||
g_free (accpt);
|
g_free (accpt);
|
||||||
|
|
||||||
|
#if HAVE_LIBSOUP_2_27_90
|
||||||
|
if (katze_object_get_boolean (settings, "strip-referer"))
|
||||||
|
{
|
||||||
|
const gchar* referer
|
||||||
|
= soup_message_headers_get_one (msg->request_headers, "Referer");
|
||||||
|
SoupURI* destination = soup_message_get_uri (msg);
|
||||||
|
if (referer && destination && !strstr (referer, destination->host))
|
||||||
|
{
|
||||||
|
SoupURI* stripped_uri = soup_uri_new (referer);
|
||||||
|
gchar* stripped_referer;
|
||||||
|
soup_uri_set_path (stripped_uri, NULL);
|
||||||
|
soup_uri_set_query (stripped_uri, NULL);
|
||||||
|
stripped_referer = soup_uri_to_string (stripped_uri, FALSE);
|
||||||
|
soup_uri_free (stripped_uri);
|
||||||
|
g_message ("Referer stripped");
|
||||||
|
soup_message_headers_replace (msg->request_headers, "Referer",
|
||||||
|
stripped_referer);
|
||||||
|
g_free (stripped_referer);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
|
@ -2195,6 +2220,7 @@ main (int argc,
|
||||||
#if WEBKIT_CHECK_VERSION (1, 3, 13)
|
#if WEBKIT_CHECK_VERSION (1, 3, 13)
|
||||||
g_object_set (settings, "enable-dns-prefetching", FALSE, NULL);
|
g_object_set (settings, "enable-dns-prefetching", FALSE, NULL);
|
||||||
#endif
|
#endif
|
||||||
|
g_object_set (settings, "strip-referer", TRUE, NULL);
|
||||||
midori_browser_set_action_visible (browser, "Tools", FALSE);
|
midori_browser_set_action_visible (browser, "Tools", FALSE);
|
||||||
midori_browser_set_action_visible (browser, "ClearPrivateData", FALSE);
|
midori_browser_set_action_visible (browser, "ClearPrivateData", FALSE);
|
||||||
}
|
}
|
||||||
|
|
|
@ -86,6 +86,7 @@ struct _MidoriWebSettings
|
||||||
|
|
||||||
gint clear_private_data;
|
gint clear_private_data;
|
||||||
gchar* clear_data;
|
gchar* clear_data;
|
||||||
|
gboolean strip_referer;
|
||||||
};
|
};
|
||||||
|
|
||||||
struct _MidoriWebSettingsClass
|
struct _MidoriWebSettingsClass
|
||||||
|
@ -168,7 +169,8 @@ enum
|
||||||
PROP_PREFERRED_LANGUAGES,
|
PROP_PREFERRED_LANGUAGES,
|
||||||
|
|
||||||
PROP_CLEAR_PRIVATE_DATA,
|
PROP_CLEAR_PRIVATE_DATA,
|
||||||
PROP_CLEAR_DATA
|
PROP_CLEAR_DATA,
|
||||||
|
PROP_STRIP_REFERER
|
||||||
};
|
};
|
||||||
|
|
||||||
GType
|
GType
|
||||||
|
@ -1100,6 +1102,23 @@ midori_web_settings_class_init (MidoriWebSettingsClass* class)
|
||||||
_("The data selected for deletion"),
|
_("The data selected for deletion"),
|
||||||
NULL,
|
NULL,
|
||||||
flags));
|
flags));
|
||||||
|
/**
|
||||||
|
* MidoriWebSettings:strip-referer:
|
||||||
|
*
|
||||||
|
* Whether to strip referrer details sent to external sites.
|
||||||
|
*
|
||||||
|
* Since: 0.3.4
|
||||||
|
*/
|
||||||
|
g_object_class_install_property (gobject_class,
|
||||||
|
PROP_STRIP_REFERER,
|
||||||
|
g_param_spec_boolean (
|
||||||
|
"strip-referer",
|
||||||
|
/* i18n: Reworded: Shorten details propagated when going to another page */
|
||||||
|
_("Strip referrer details sent to external sites"),
|
||||||
|
/* i18n: Referer here is not a typo but a technical term */
|
||||||
|
_("Whether the \"Referer\" header should be shortened to the hostname"),
|
||||||
|
FALSE,
|
||||||
|
flags));
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1518,6 +1537,9 @@ midori_web_settings_set_property (GObject* object,
|
||||||
case PROP_CLEAR_DATA:
|
case PROP_CLEAR_DATA:
|
||||||
katze_assign (web_settings->clear_data, g_value_dup_string (value));
|
katze_assign (web_settings->clear_data, g_value_dup_string (value));
|
||||||
break;
|
break;
|
||||||
|
case PROP_STRIP_REFERER:
|
||||||
|
web_settings->strip_referer = g_value_get_boolean (value);
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
|
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
|
||||||
break;
|
break;
|
||||||
|
@ -1749,6 +1771,9 @@ midori_web_settings_get_property (GObject* object,
|
||||||
case PROP_CLEAR_DATA:
|
case PROP_CLEAR_DATA:
|
||||||
g_value_set_string (value, web_settings->clear_data);
|
g_value_set_string (value, web_settings->clear_data);
|
||||||
break;
|
break;
|
||||||
|
case PROP_STRIP_REFERER:
|
||||||
|
g_value_set_boolean (value, web_settings->strip_referer);
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
|
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
|
||||||
break;
|
break;
|
||||||
|
|
Loading…
Reference in a new issue