This repository has been archived by the owner on Dec 11, 2019. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 974
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Allow referer when resource is on a subdomain of the parent page
Auditors: @bbondy
- Loading branch information
1 parent
758e5d2
commit 144f786
Showing
1 changed file
with
3 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -38,7 +38,7 @@ let initializedPartitions = {} | |
const transparent1pxGif = 'data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7' | ||
|
||
// Third party domains that require a valid referer to work | ||
const refererExceptions = ['use.typekit.net', 'webtoon.phinf.naver.net', 'player.vimeo.com', 'cloud.typography.com', 'imgcomic.naver.net', 'fiddle.jshell.net', 'www.cibconline.cibc.com', 's.codepen.io'] | ||
const refererExceptions = ['use.typekit.net', 'webtoon.phinf.naver.net', 'player.vimeo.com', 'cloud.typography.com', 'imgcomic.naver.net', 'fiddle.jshell.net', 'www.cibconline.cibc.com'] | ||
|
||
/** | ||
* Maps downloadId to an electron download-item | ||
|
@@ -195,12 +195,8 @@ function registerForBeforeSendHeaders (session) { | |
if (requestHeaders['Cookie']) { | ||
requestHeaders['Cookie'] = undefined | ||
} | ||
} | ||
if (requestHeaders['Referer'] && !refererExceptions.includes(parsedUrl.hostname)) { | ||
// Clear cross-origin referer always. | ||
let parsedRef = urlParse(requestHeaders['Referer']) | ||
if (parsedUrl.protocol !== parsedRef.protocol || | ||
parsedUrl.host !== parsedRef.host) { | ||
if (requestHeaders['Referer'] && | ||
!refererExceptions.includes(parsedUrl.hostname)) { | ||
This comment has been minimized.
Sorry, something went wrong.
This comment has been minimized.
Sorry, something went wrong.
diracdeltas
Author
Member
|
||
requestHeaders['Referer'] = undefined | ||
} | ||
} | ||
|
should we get base domain here?