Strip referrer header in xorigin requests from .onion (fixes brave/br…

…ave-browser#18071)
brave · Nov 19, 2021 · 5f931c8 · 5f931c8
1 parent f9e71b5
commit 5f931c8
Show file tree

Hide file tree

Showing 4 changed files with 75 additions and 0 deletions.
diff --git a/browser/brave_content_browser_client_browsertest.cc b/browser/brave_content_browser_client_browsertest.cc
@@ -535,6 +535,18 @@ IN_PROC_BROWSER_TEST_F(BraveContentBrowserClientReferrerTest,
                               &referrer);
   EXPECT_EQ(referrer->url, kExtensionUrl);
 
+  // Special rule for Onion services.
+  const GURL kOnionUrl("http://lwkjglkejslkgjel.onion/index.html");
+  referrer = kReferrer.Clone();
+  referrer->url = kOnionUrl;
+  client()->MaybeHideReferrer(browser()->profile(), kRequestUrl, kOnionUrl,
+                              &referrer);
+  EXPECT_EQ(referrer->url, GURL());  // .onion -> normal
+  referrer = kReferrer.Clone();
+  client()->MaybeHideReferrer(browser()->profile(), kOnionUrl, kDocumentUrl,
+                              &referrer);
+  EXPECT_EQ(referrer->url, kDocumentUrl.GetOrigin());  // normal -> .onion
+
   // Allow referrers for certain URL.
   content_settings()->SetContentSettingCustomScope(
       ContentSettingsPattern::FromString(kDocumentUrl.GetOrigin().spec() + "*"),

diff --git a/browser/net/brave_site_hacks_network_delegate_helper_unittest.cc b/browser/net/brave_site_hacks_network_delegate_helper_unittest.cc
@@ -13,6 +13,7 @@
 #include "brave/browser/net/url_context.h"
 #include "brave/common/network_constants.h"
 #include "net/base/net_errors.h"
+#include "net/url_request/url_request_job.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 using brave::ResponseCallback;
@@ -100,6 +101,23 @@ TEST(BraveSiteHacksNetworkDelegateHelperTest,
   }
 }
 
+TEST(BraveSiteHacksNetworkDelegateHelperTest, OnionReferrerStripped) {
+  const GURL original_referrer(
+      "https://"
+      "brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion/");
+  const GURL destination("https://brave.com");
+
+  // Cross-origin request from a .onion gets empty referrer.
+  auto url1 = net::URLRequestJob::ComputeReferrerForPolicy(
+      net::ReferrerPolicy::NEVER_CLEAR, original_referrer, destination);
+  EXPECT_EQ(url1, GURL());
+
+  // Cross-origin request to a .onion gets normal referrer.
+  auto url2 = net::URLRequestJob::ComputeReferrerForPolicy(
+      net::ReferrerPolicy::NEVER_CLEAR, destination, original_referrer);
+  EXPECT_EQ(url2, destination.GetOrigin());
+}
+
 TEST(BraveSiteHacksNetworkDelegateHelperTest, QueryStringUntouched) {
   const std::vector<const std::string> urls({
       "https://example.com/",

diff --git a/chromium_src/net/url_request/url_request_job.cc b/chromium_src/net/url_request/url_request_job.cc
@@ -0,0 +1,26 @@
+/* Copyright 2021 The Brave Authors. All rights reserved.
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at https://mozilla.org/MPL/2.0/. */
+
+#include "net/url_request/url_request_job.h"
+
+// Strip referrer for cross-origin requests from a .onion hostname.
+// This also affects the Origin header outside of CORS requests.
+#define ComputeReferrerForPolicy                                              \
+  ComputeReferrerForPolicy(                                                   \
+      ReferrerPolicy policy, const GURL& original_referrer,                   \
+      const GURL& destination, bool* same_origin_out_for_metrics) {           \
+    if (base::EndsWith(original_referrer.host_piece(), ".onion",              \
+                       base::CompareCase::INSENSITIVE_ASCII) &&               \
+        !url::IsSameOriginWith(original_referrer, destination)) {             \
+      return GURL();                                                          \
+    }                                                                         \
+    return ComputeReferrerForPolicy_Chromium(                                 \
+        policy, original_referrer, destination, same_origin_out_for_metrics); \
+  }                                                                           \
+  GURL URLRequestJob::ComputeReferrerForPolicy_Chromium
+
+#include "../../../../net/url_request/url_request_job.cc"
+
+#undef ComputeReferrerForPolicy
diff --git a/chromium_src/net/url_request/url_request_job.h b/chromium_src/net/url_request/url_request_job.h
@@ -0,0 +1,19 @@
+/* Copyright 2021 The Brave Authors. All rights reserved.
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at https://mozilla.org/MPL/2.0/. */
+
+#ifndef BRAVE_CHROMIUM_SRC_NET_URL_REQUEST_URL_REQUEST_JOB_H_
+#define BRAVE_CHROMIUM_SRC_NET_URL_REQUEST_URL_REQUEST_JOB_H_
+
+#define ComputeReferrerForPolicy                                             \
+  ComputeReferrerForPolicy(                                                  \
+      ReferrerPolicy policy, const GURL& original_referrer,                  \
+      const GURL& destination, bool* same_origin_out_for_metrics = nullptr); \
+  static GURL ComputeReferrerForPolicy_Chromium
+
+#include "../../../../net/url_request/url_request_job.h"
+
+#undef ComputeReferrerForPolicy
+
+#endif  // BRAVE_CHROMIUM_SRC_NET_URL_REQUEST_URL_REQUEST_JOB_H_