From 3303d7d70d4b9749c39ca87085d17495beab6030 Mon Sep 17 00:00:00 2001 From: Wojtek Kosior Date: Thu, 26 Aug 2021 15:53:23 +0200 Subject: filter HTTP request headers to remove Hachette cookies in case they slip through --- background/cookie_filter.js | 45 +++++++++++++++++++++++++++++++++++++++++++++ background/main.js | 24 ++++++++++++++++++++++-- 2 files changed, 67 insertions(+), 2 deletions(-) create mode 100644 background/cookie_filter.js diff --git a/background/cookie_filter.js b/background/cookie_filter.js new file mode 100644 index 0000000..fea2d23 --- /dev/null +++ b/background/cookie_filter.js @@ -0,0 +1,45 @@ +/** + * part of Hachette + * Filtering request headers to remove hachette cookies that might have slipped + * through. + * + * Copyright (C) 2021 Wojtek Kosior + * Redistribution terms are gathered in the `copyright' file. + */ + +/* + * IMPORTS_START + * IMPORT extract_signed + * IMPORTS_END + */ + +function is_valid_hachette_cookie(cookie) +{ + const match = /^hachette-(\w*)=(.*)$/.exec(cookie); + if (!match) + return false; + + return !extract_signed(match.slice(1, 3)).fail; +} + +function remove_hachette_cookies(header) +{ + if (header.name !== "Cookie") + return header; + + const cookies = header.value.split("; "); + const value = cookies.filter(c => !is_valid_hachette_cookie(c)).join("; "); + + return value ? {name: "Cookie", value} : null; +} + +function filter_cookie_headers(headers) +{ + return headers.map(remove_hachette_cookies).filter(h => h); +} + +/* + * EXPORTS_START + * EXPORT filter_cookie_headers + * EXPORTS_END + */ diff --git a/background/main.js b/background/main.js index 2c8a87b..5d6e680 100644 --- a/background/main.js +++ b/background/main.js @@ -17,6 +17,7 @@ * IMPORT gen_nonce * IMPORT inject_csp_headers * IMPORT apply_stream_filter + * IMPORT filter_cookie_headers * IMPORT is_chrome * IMPORTS_END */ @@ -81,18 +82,37 @@ function on_headers_received(details) return {responseHeaders: headers}; } +function on_before_send_headers(details) +{ + let headers = details.requestHeaders; + headers = filter_cookie_headers(headers); + return {requestHeaders: headers}; +} + +const all_types = [ + "main_frame", "sub_frame", "stylesheet", "script", "image", "font", + "object", "xmlhttprequest", "ping", "csp_report", "media", "websocket", + "other", "main_frame", "sub_frame" +]; + async function start_webRequest_operations() { storage = await get_storage(); - const extra_opts = ["blocking", "responseHeaders"]; + const extra_opts = ["blocking"]; if (is_chrome) extra_opts.push("extraHeaders"); browser.webRequest.onHeadersReceived.addListener( on_headers_received, {urls: [""], types: ["main_frame", "sub_frame"]}, - extra_opts + extra_opts.concat("responseHeaders") + ); + + browser.webRequest.onBeforeSendHeaders.addListener( + on_before_send_headers, + {urls: [""], types: all_types}, + extra_opts.concat("requestHeaders") ); } -- cgit v1.2.3