Bug 17334: Spoof referrer when leaving a .onion domain

arthuredelstein · arthuredelstein · commit 32904ad2921b · 2016-09-10T08:27:57.000Z
Note I also remove a superfluous and confusing line,
`currentHost = referrerHost;`
diff --git a/netwerk/protocol/http/HttpBaseChannel.cpp b/netwerk/protocol/http/HttpBaseChannel.cpp
@@ -14,6 +14,7 @@
 #include "nsMimeTypes.h"
 #include "nsNetCID.h"
 #include "nsNetUtil.h"
+#include "nsReadableUtils.h"
 
 #include "nsICachingChannel.h"
 #include "nsIDOMDocument.h"
@@ -1389,13 +1390,15 @@ HttpBaseChannel::SetReferrerWithPolicy(nsIURI *referrer,
       return NS_OK;
   }
 
-  // send spoofed referrer if desired
-  if (userSpoofReferrerSource) {
+  bool leavingOnion = !currentHost.Equals(referrerHost) &&
+    StringEndsWith(referrerHost, NS_LITERAL_CSTRING(".onion"));
+
+  // send spoofed referrer if desired by user, or if we are leaving a .onion
+  if (userSpoofReferrerSource || leavingOnion) {
     nsCOMPtr<nsIURI> mURIclone;
     rv = mURI->CloneIgnoringRef(getter_AddRefs(mURIclone));
     if (NS_FAILED(rv)) return rv;
     clone = mURIclone;
-    currentHost = referrerHost;
   }
 
   // strip away any userpass; we don't want to be giving out passwords ;-)
