[tor-commits] [tor-browser/tor-browser-45.3.0esr-6.5-1] Bug 17334: Spoof referrer when leaving a .onion domain

[gk at torproject.org]

commit 5837ac47afae9ca736ec4c4fedf0d83d6a601bc9
Author: Arthur Edelstein <arthuredelstein at gmail.com>
Date:   Fri Sep 9 22:50:47 2016 -0700

    Bug 17334: Spoof referrer when leaving a .onion domain
    
    Note I also remove a superfluous and confusing line,
    `currentHost = referrerHost;`
---
 netwerk/protocol/http/HttpBaseChannel.cpp | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/netwerk/protocol/http/HttpBaseChannel.cpp b/netwerk/protocol/http/HttpBaseChannel.cpp
index 76c4a9a..8d9a408 100644
--- a/netwerk/protocol/http/HttpBaseChannel.cpp
+++ b/netwerk/protocol/http/HttpBaseChannel.cpp
@@ -14,6 +14,7 @@
 #include "nsMimeTypes.h"
 #include "nsNetCID.h"
 #include "nsNetUtil.h"
+#include "nsReadableUtils.h"
 
 #include "nsICachingChannel.h"
 #include "nsIDOMDocument.h"
@@ -1389,13 +1390,15 @@ HttpBaseChannel::SetReferrerWithPolicy(nsIURI *referrer,
       return NS_OK;
   }
 
-  // send spoofed referrer if desired
-  if (userSpoofReferrerSource) {
+  bool leavingOnion = !currentHost.Equals(referrerHost) &&
+    StringEndsWith(referrerHost, NS_LITERAL_CSTRING(".onion"));
+
+  // send spoofed referrer if desired by user, or if we are leaving a .onion
+  if (userSpoofReferrerSource || leavingOnion) {
     nsCOMPtr<nsIURI> mURIclone;
     rv = mURI->CloneIgnoringRef(getter_AddRefs(mURIclone));
     if (NS_FAILED(rv)) return rv;
     clone = mURIclone;
-    currentHost = referrerHost;
   }
 
   // strip away any userpass; we don't want to be giving out passwords ;-)