Strip referrer details sent to external sites

This new feature strips, if enabled, the path and query from
the 'Referer' header when switching to external sites. It
doesn't affect internal links, which is why websites testing
for this feature may falsely assert it's not working.

The feature is automatically enabled in private mode.
This commit is contained in:
Christian Dywan 2011-04-15 00:49:39 +02:00
parent e18a2c8001
commit 9ac8433e6d
2 changed files with 53 additions and 2 deletions

View file

@ -801,7 +801,10 @@ midori_browser_privacy_preferences_cb (MidoriBrowser* browser,
katze_preferences_add_widget (preferences, button, "indented"); katze_preferences_add_widget (preferences, button, "indented");
#endif #endif
#endif #endif
katze_preferences_add_group (preferences, _("History")); #if HAVE_LIBSOUP_2_27_90
button = katze_property_proxy (settings, "strip-referer", NULL);
katze_preferences_add_widget (preferences, button, "indented");
#endif
button = katze_property_label (settings, "maximum-history-age"); button = katze_property_label (settings, "maximum-history-age");
katze_preferences_add_widget (preferences, button, "indented"); katze_preferences_add_widget (preferences, button, "indented");
button = katze_property_proxy (settings, "maximum-history-age", NULL); button = katze_property_proxy (settings, "maximum-history-age", NULL);
@ -996,6 +999,28 @@ midori_soup_session_settings_accept_language_cb (SoupSession* session,
g_free (languages); g_free (languages);
soup_message_headers_append (msg->request_headers, "Accept-Language", accpt); soup_message_headers_append (msg->request_headers, "Accept-Language", accpt);
g_free (accpt); g_free (accpt);
#if HAVE_LIBSOUP_2_27_90
if (katze_object_get_boolean (settings, "strip-referer"))
{
const gchar* referer
= soup_message_headers_get_one (msg->request_headers, "Referer");
SoupURI* destination = soup_message_get_uri (msg);
if (referer && destination && !strstr (referer, destination->host))
{
SoupURI* stripped_uri = soup_uri_new (referer);
gchar* stripped_referer;
soup_uri_set_path (stripped_uri, NULL);
soup_uri_set_query (stripped_uri, NULL);
stripped_referer = soup_uri_to_string (stripped_uri, FALSE);
soup_uri_free (stripped_uri);
g_message ("Referer stripped");
soup_message_headers_replace (msg->request_headers, "Referer",
stripped_referer);
g_free (stripped_referer);
}
}
#endif
} }
static void static void
@ -2195,6 +2220,7 @@ main (int argc,
#if WEBKIT_CHECK_VERSION (1, 3, 13) #if WEBKIT_CHECK_VERSION (1, 3, 13)
g_object_set (settings, "enable-dns-prefetching", FALSE, NULL); g_object_set (settings, "enable-dns-prefetching", FALSE, NULL);
#endif #endif
g_object_set (settings, "strip-referer", TRUE, NULL);
midori_browser_set_action_visible (browser, "Tools", FALSE); midori_browser_set_action_visible (browser, "Tools", FALSE);
midori_browser_set_action_visible (browser, "ClearPrivateData", FALSE); midori_browser_set_action_visible (browser, "ClearPrivateData", FALSE);
} }

View file

@ -86,6 +86,7 @@ struct _MidoriWebSettings
gint clear_private_data; gint clear_private_data;
gchar* clear_data; gchar* clear_data;
gboolean strip_referer;
}; };
struct _MidoriWebSettingsClass struct _MidoriWebSettingsClass
@ -168,7 +169,8 @@ enum
PROP_PREFERRED_LANGUAGES, PROP_PREFERRED_LANGUAGES,
PROP_CLEAR_PRIVATE_DATA, PROP_CLEAR_PRIVATE_DATA,
PROP_CLEAR_DATA PROP_CLEAR_DATA,
PROP_STRIP_REFERER
}; };
GType GType
@ -1100,6 +1102,23 @@ midori_web_settings_class_init (MidoriWebSettingsClass* class)
_("The data selected for deletion"), _("The data selected for deletion"),
NULL, NULL,
flags)); flags));
/**
* MidoriWebSettings:strip-referer:
*
* Whether to strip referrer details sent to external sites.
*
* Since: 0.3.4
*/
g_object_class_install_property (gobject_class,
PROP_STRIP_REFERER,
g_param_spec_boolean (
"strip-referer",
/* i18n: Reworded: Shorten details propagated when going to another page */
_("Strip referrer details sent to external sites"),
/* i18n: Referer here is not a typo but a technical term */
_("Whether the \"Referer\" header should be shortened to the hostname"),
FALSE,
flags));
} }
@ -1518,6 +1537,9 @@ midori_web_settings_set_property (GObject* object,
case PROP_CLEAR_DATA: case PROP_CLEAR_DATA:
katze_assign (web_settings->clear_data, g_value_dup_string (value)); katze_assign (web_settings->clear_data, g_value_dup_string (value));
break; break;
case PROP_STRIP_REFERER:
web_settings->strip_referer = g_value_get_boolean (value);
break;
default: default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break; break;
@ -1749,6 +1771,9 @@ midori_web_settings_get_property (GObject* object,
case PROP_CLEAR_DATA: case PROP_CLEAR_DATA:
g_value_set_string (value, web_settings->clear_data); g_value_set_string (value, web_settings->clear_data);
break; break;
case PROP_STRIP_REFERER:
g_value_set_boolean (value, web_settings->strip_referer);
break;
default: default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break; break;