Skip to content
This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

Spoof referer header on cross-origin navigations #10726

Merged
merged 1 commit into from
Aug 31, 2017
Merged

Conversation

diracdeltas
Copy link
Member

Previously we were only spoofing it on cross-origin subresource requests, not
navigations. Fix #10721

Test Plan:

  1. go to https://community.brave.com/t/tracking-not-blocked/6787 and click on the two links in the post
  2. the sites should report the referer as the origin of the site itself, not community.brave.com
  3. now turn off shields on one of the sites
  4. repeat steps 1 and 2. the site should now report the referer as community.brave.com

Submitter Checklist:

  • Submitted a ticket for my issue if one did not already exist.
  • Used Github auto-closing keywords in the commit message.
  • Added/updated tests for this change (for new code or code which already has tests).
  • Ran git rebase -i to squash commits (if needed).
  • Tagged reviewers and labelled the pull request as needed.

Test Plan:

Reviewer Checklist:

Tests

  • Adequate test coverage exists to prevent regressions
  • Tests should be independent and work correctly when run individually or as a suite ref
  • New files have MPL2 license header

Previously we were only spoofing it on cross-origin subresource requests, not
navigations. Fix #10721

Test Plan:
1. go to https://community.brave.com/t/tracking-not-blocked/6787 and click on the two links in the post
2. the sites should report the referer as the origin of the site itself, not community.brave.com
3. now turn off shields on one of the sites
4. repeat steps 1 and 2. the site should now report the referer as community.brave.com
@diracdeltas diracdeltas self-assigned this Aug 30, 2017
@diracdeltas diracdeltas requested a review from evq August 30, 2017 23:16
@codecov-io
Copy link

codecov-io commented Aug 30, 2017

Codecov Report

Merging #10726 into master will increase coverage by 0.02%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master   #10726      +/-   ##
==========================================
+ Coverage   54.41%   54.44%   +0.02%     
==========================================
  Files         246      246              
  Lines       21368    21361       -7     
  Branches     3320     3320              
==========================================
+ Hits        11628    11629       +1     
+ Misses       9740     9732       -8
Flag Coverage Δ
#unittest 54.44% <100%> (+0.02%) ⬆️
Impacted Files Coverage Δ
app/filtering.js 18.58% <100%> (+0.38%) ⬆️

@bbondy bbondy merged commit 348e019 into master Aug 31, 2017
bbondy added a commit that referenced this pull request Aug 31, 2017
Spoof referer header on cross-origin navigations
bbondy added a commit that referenced this pull request Aug 31, 2017
Spoof referer header on cross-origin navigations
@bbondy
Copy link
Member

bbondy commented Aug 31, 2017

There is noapplyCookieSetting in 0.18.x so I changed this milestone to 0.19.x.
Please feel free to rebase a fix and include in 0.18.x if you want though.
If you do please update the PR and the issue milestone. Thanks!.

@diracdeltas
Copy link
Member Author

fixed in 0.18.x with 076cd89

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants