Limit referer header value length to 4096

servo · Oct 24, 2019 · c54df2b · c54df2b
1 parent 4cdfe23
commit c54df2b
Show file tree

Hide file tree

Showing 170 changed files with 49 additions and 674 deletions.
diff --git a/components/net/http_loader.rs b/components/net/http_loader.rs
@@ -195,13 +195,15 @@ fn strict_origin_when_cross_origin(referrer_url: ServoUrl, url: ServoUrl) -> Opt
 
 /// <https://w3c.github.io/webappsec-referrer-policy/#strip-url>
 fn strip_url(mut referrer_url: ServoUrl, origin_only: bool) -> Option<ServoUrl> {
+    const MAX_REFERRER_URL_LENGTH: usize = 4096;
     if referrer_url.scheme() == "https" || referrer_url.scheme() == "http" {
         {
             let referrer = referrer_url.as_mut_url();
             referrer.set_username("").unwrap();
             referrer.set_password(None).unwrap();
             referrer.set_fragment(None);
-            if origin_only {
+            // Limit `referer` header's value to 4k <https://github.com/w3c/webappsec-referrer-policy/pull/122>
+            if origin_only || referrer.as_str().len() > MAX_REFERRER_URL_LENGTH {
                 referrer.set_path("");
                 referrer.set_query(None);
             }

diff --git a/components/net/tests/http_loader.rs b/components/net/tests/http_loader.rs
@@ -27,11 +27,12 @@ use hyper::{Request as HyperRequest, Response as HyperResponse};
 use msg::constellation_msg::TEST_PIPELINE_ID;
 use net::cookie::Cookie;
 use net::cookie_storage::CookieStorage;
+use net::http_loader::determine_request_referrer;
 use net::resource_thread::AuthCacheEntry;
 use net::test::replace_host_table;
 use net_traits::request::{CredentialsMode, Destination, RequestBuilder, RequestMode};
 use net_traits::response::ResponseBody;
-use net_traits::{CookieSource, NetworkError};
+use net_traits::{CookieSource, NetworkError, ReferrerPolicy};
 use servo_url::{ImmutableOrigin, ServoUrl};
 use std::collections::HashMap;
 use std::io::Write;
@@ -1421,3 +1422,47 @@ fn test_origin_set() {
 
     let _ = server.close();
 }
+
+#[test]
+fn test_determine_request_referrer_shorter_than_4k() {
+    let mut headers = HeaderMap::new();
+
+    let referrer_source =
+        ServoUrl::parse("http://username:password@example.com/such/short/referer?query#fragment")
+            .unwrap();
+
+    let current_url = ServoUrl::parse("http://example.com/current/url").unwrap();
+
+    let referer = determine_request_referrer(
+        &mut headers,
+        ReferrerPolicy::UnsafeUrl,
+        referrer_source,
+        current_url,
+    );
+
+    assert_eq!(
+        referer.unwrap().as_str(),
+        "http://example.com/such/short/referer?query"
+    );
+}
+
+#[test]
+fn test_determine_request_referrer_longer_than_4k() {
+    let long_url_str = format!(
+        "http://username:password@example.com/such/{}/referer?query#fragment",
+        "long".repeat(1024)
+    );
+
+    let mut headers = HeaderMap::new();
+    let referrer_source = ServoUrl::parse(&long_url_str).unwrap();
+    let current_url = ServoUrl::parse("http://example.com/current/url").unwrap();
+
+    let referer = determine_request_referrer(
+        &mut headers,
+        ReferrerPolicy::UnsafeUrl,
+        referrer_source,
+        current_url,
+    );
+
+    assert_eq!(referer.unwrap().as_str(), "http://example.com/");
+}
diff --git a/...en/top.http-rp/no-referrer-when-downgrade/script-tag/cross-http.keep-origin.http.html.ini b/...en/top.http-rp/no-referrer-when-downgrade/script-tag/cross-http.keep-origin.http.html.ini
diff --git a/...en/top.http-rp/no-referrer-when-downgrade/script-tag/cross-http.no-redirect.http.html.ini b/...en/top.http-rp/no-referrer-when-downgrade/script-tag/cross-http.no-redirect.http.html.ini
diff --git a/...en/top.http-rp/no-referrer-when-downgrade/script-tag/cross-http.swap-origin.http.html.ini b/...en/top.http-rp/no-referrer-when-downgrade/script-tag/cross-http.swap-origin.http.html.ini
diff --git a/...n/top.http-rp/no-referrer-when-downgrade/script-tag/cross-https.keep-origin.http.html.ini b/...n/top.http-rp/no-referrer-when-downgrade/script-tag/cross-https.keep-origin.http.html.ini
diff --git a/...n/top.http-rp/no-referrer-when-downgrade/script-tag/cross-https.no-redirect.http.html.ini b/...n/top.http-rp/no-referrer-when-downgrade/script-tag/cross-https.no-redirect.http.html.ini
diff --git a/...n/top.http-rp/no-referrer-when-downgrade/script-tag/cross-https.swap-origin.http.html.ini b/...n/top.http-rp/no-referrer-when-downgrade/script-tag/cross-https.swap-origin.http.html.ini
diff --git a/...gen/top.http-rp/no-referrer-when-downgrade/script-tag/same-http.keep-origin.http.html.ini b/...gen/top.http-rp/no-referrer-when-downgrade/script-tag/same-http.keep-origin.http.html.ini
diff --git a/...gen/top.http-rp/no-referrer-when-downgrade/script-tag/same-http.no-redirect.http.html.ini b/...gen/top.http-rp/no-referrer-when-downgrade/script-tag/same-http.no-redirect.http.html.ini
diff --git a/...gen/top.http-rp/no-referrer-when-downgrade/script-tag/same-http.swap-origin.http.html.ini b/...gen/top.http-rp/no-referrer-when-downgrade/script-tag/same-http.swap-origin.http.html.ini
diff --git a/...en/top.http-rp/no-referrer-when-downgrade/script-tag/same-https.keep-origin.http.html.ini b/...en/top.http-rp/no-referrer-when-downgrade/script-tag/same-https.keep-origin.http.html.ini
diff --git a/...en/top.http-rp/no-referrer-when-downgrade/script-tag/same-https.no-redirect.http.html.ini b/...en/top.http-rp/no-referrer-when-downgrade/script-tag/same-https.no-redirect.http.html.ini
diff --git a/...en/top.http-rp/no-referrer-when-downgrade/script-tag/same-https.swap-origin.http.html.ini b/...en/top.http-rp/no-referrer-when-downgrade/script-tag/same-https.swap-origin.http.html.ini
diff --git a/...olicy/gen/top.http-rp/no-referrer-when-downgrade/xhr/cross-http.keep-origin.http.html.ini b/...olicy/gen/top.http-rp/no-referrer-when-downgrade/xhr/cross-http.keep-origin.http.html.ini
diff --git a/...olicy/gen/top.http-rp/no-referrer-when-downgrade/xhr/cross-http.no-redirect.http.html.ini b/...olicy/gen/top.http-rp/no-referrer-when-downgrade/xhr/cross-http.no-redirect.http.html.ini
diff --git a/...olicy/gen/top.http-rp/no-referrer-when-downgrade/xhr/cross-http.swap-origin.http.html.ini b/...olicy/gen/top.http-rp/no-referrer-when-downgrade/xhr/cross-http.swap-origin.http.html.ini
diff --git a/...licy/gen/top.http-rp/no-referrer-when-downgrade/xhr/cross-https.keep-origin.http.html.ini b/...licy/gen/top.http-rp/no-referrer-when-downgrade/xhr/cross-https.keep-origin.http.html.ini
diff --git a/...licy/gen/top.http-rp/no-referrer-when-downgrade/xhr/cross-https.no-redirect.http.html.ini b/...licy/gen/top.http-rp/no-referrer-when-downgrade/xhr/cross-https.no-redirect.http.html.ini
diff --git a/...licy/gen/top.http-rp/no-referrer-when-downgrade/xhr/cross-https.swap-origin.http.html.ini b/...licy/gen/top.http-rp/no-referrer-when-downgrade/xhr/cross-https.swap-origin.http.html.ini
diff --git a/...policy/gen/top.http-rp/no-referrer-when-downgrade/xhr/same-http.keep-origin.http.html.ini b/...policy/gen/top.http-rp/no-referrer-when-downgrade/xhr/same-http.keep-origin.http.html.ini
diff --git a/...policy/gen/top.http-rp/no-referrer-when-downgrade/xhr/same-http.no-redirect.http.html.ini b/...policy/gen/top.http-rp/no-referrer-when-downgrade/xhr/same-http.no-redirect.http.html.ini
diff --git a/...policy/gen/top.http-rp/no-referrer-when-downgrade/xhr/same-http.swap-origin.http.html.ini b/...policy/gen/top.http-rp/no-referrer-when-downgrade/xhr/same-http.swap-origin.http.html.ini
diff --git a/...olicy/gen/top.http-rp/no-referrer-when-downgrade/xhr/same-https.keep-origin.http.html.ini b/...olicy/gen/top.http-rp/no-referrer-when-downgrade/xhr/same-https.keep-origin.http.html.ini
diff --git a/...olicy/gen/top.http-rp/no-referrer-when-downgrade/xhr/same-https.no-redirect.http.html.ini b/...olicy/gen/top.http-rp/no-referrer-when-downgrade/xhr/same-https.no-redirect.http.html.ini
diff --git a/...olicy/gen/top.http-rp/no-referrer-when-downgrade/xhr/same-https.swap-origin.http.html.ini b/...olicy/gen/top.http-rp/no-referrer-when-downgrade/xhr/same-https.swap-origin.http.html.ini
diff --git a/...y/gen/top.http-rp/origin-when-cross-origin/script-tag/same-http.keep-origin.http.html.ini b/...y/gen/top.http-rp/origin-when-cross-origin/script-tag/same-http.keep-origin.http.html.ini
diff --git a/...y/gen/top.http-rp/origin-when-cross-origin/script-tag/same-http.no-redirect.http.html.ini b/...y/gen/top.http-rp/origin-when-cross-origin/script-tag/same-http.no-redirect.http.html.ini
diff --git a/...r-policy/gen/top.http-rp/origin-when-cross-origin/xhr/same-http.keep-origin.http.html.ini b/...r-policy/gen/top.http-rp/origin-when-cross-origin/xhr/same-http.keep-origin.http.html.ini
diff --git a/...r-policy/gen/top.http-rp/origin-when-cross-origin/xhr/same-http.no-redirect.http.html.ini b/...r-policy/gen/top.http-rp/origin-when-cross-origin/xhr/same-http.no-redirect.http.html.ini
diff --git a/...eferrer-policy/gen/top.http-rp/same-origin/script-tag/same-http.keep-origin.http.html.ini b/...eferrer-policy/gen/top.http-rp/same-origin/script-tag/same-http.keep-origin.http.html.ini
diff --git a/...eferrer-policy/gen/top.http-rp/same-origin/script-tag/same-http.no-redirect.http.html.ini b/...eferrer-policy/gen/top.http-rp/same-origin/script-tag/same-http.no-redirect.http.html.ini
diff --git a/...adata/referrer-policy/gen/top.http-rp/same-origin/xhr/same-http.keep-origin.http.html.ini b/...adata/referrer-policy/gen/top.http-rp/same-origin/xhr/same-http.keep-origin.http.html.ini
diff --git a/...adata/referrer-policy/gen/top.http-rp/same-origin/xhr/same-http.no-redirect.http.html.ini b/...adata/referrer-policy/gen/top.http-rp/same-origin/xhr/same-http.no-redirect.http.html.ini
diff --git a/...op.http-rp/strict-origin-when-cross-origin/script-tag/same-http.keep-origin.http.html.ini b/...op.http-rp/strict-origin-when-cross-origin/script-tag/same-http.keep-origin.http.html.ini
diff --git a/...op.http-rp/strict-origin-when-cross-origin/script-tag/same-http.no-redirect.http.html.ini b/...op.http-rp/strict-origin-when-cross-origin/script-tag/same-http.no-redirect.http.html.ini
diff --git a/...y/gen/top.http-rp/strict-origin-when-cross-origin/xhr/same-http.keep-origin.http.html.ini b/...y/gen/top.http-rp/strict-origin-when-cross-origin/xhr/same-http.keep-origin.http.html.ini
diff --git a/...y/gen/top.http-rp/strict-origin-when-cross-origin/xhr/same-http.no-redirect.http.html.ini b/...y/gen/top.http-rp/strict-origin-when-cross-origin/xhr/same-http.no-redirect.http.html.ini
diff --git a/...eferrer-policy/gen/top.http-rp/unsafe-url/script-tag/cross-http.keep-origin.http.html.ini b/...eferrer-policy/gen/top.http-rp/unsafe-url/script-tag/cross-http.keep-origin.http.html.ini
diff --git a/...eferrer-policy/gen/top.http-rp/unsafe-url/script-tag/cross-http.no-redirect.http.html.ini b/...eferrer-policy/gen/top.http-rp/unsafe-url/script-tag/cross-http.no-redirect.http.html.ini
diff --git a/...eferrer-policy/gen/top.http-rp/unsafe-url/script-tag/cross-http.swap-origin.http.html.ini b/...eferrer-policy/gen/top.http-rp/unsafe-url/script-tag/cross-http.swap-origin.http.html.ini
diff --git a/...ferrer-policy/gen/top.http-rp/unsafe-url/script-tag/cross-https.keep-origin.http.html.ini b/...ferrer-policy/gen/top.http-rp/unsafe-url/script-tag/cross-https.keep-origin.http.html.ini
diff --git a/...ferrer-policy/gen/top.http-rp/unsafe-url/script-tag/cross-https.no-redirect.http.html.ini b/...ferrer-policy/gen/top.http-rp/unsafe-url/script-tag/cross-https.no-redirect.http.html.ini
diff --git a/...ferrer-policy/gen/top.http-rp/unsafe-url/script-tag/cross-https.swap-origin.http.html.ini b/...ferrer-policy/gen/top.http-rp/unsafe-url/script-tag/cross-https.swap-origin.http.html.ini
diff --git a/...referrer-policy/gen/top.http-rp/unsafe-url/script-tag/same-http.keep-origin.http.html.ini b/...referrer-policy/gen/top.http-rp/unsafe-url/script-tag/same-http.keep-origin.http.html.ini
diff --git a/...referrer-policy/gen/top.http-rp/unsafe-url/script-tag/same-http.no-redirect.http.html.ini b/...referrer-policy/gen/top.http-rp/unsafe-url/script-tag/same-http.no-redirect.http.html.ini
diff --git a/...referrer-policy/gen/top.http-rp/unsafe-url/script-tag/same-http.swap-origin.http.html.ini b/...referrer-policy/gen/top.http-rp/unsafe-url/script-tag/same-http.swap-origin.http.html.ini
diff --git a/...eferrer-policy/gen/top.http-rp/unsafe-url/script-tag/same-https.keep-origin.http.html.ini b/...eferrer-policy/gen/top.http-rp/unsafe-url/script-tag/same-https.keep-origin.http.html.ini
diff --git a/...eferrer-policy/gen/top.http-rp/unsafe-url/script-tag/same-https.no-redirect.http.html.ini b/...eferrer-policy/gen/top.http-rp/unsafe-url/script-tag/same-https.no-redirect.http.html.ini
diff --git a/...eferrer-policy/gen/top.http-rp/unsafe-url/script-tag/same-https.swap-origin.http.html.ini b/...eferrer-policy/gen/top.http-rp/unsafe-url/script-tag/same-https.swap-origin.http.html.ini
diff --git a/...adata/referrer-policy/gen/top.http-rp/unsafe-url/xhr/cross-http.keep-origin.http.html.ini b/...adata/referrer-policy/gen/top.http-rp/unsafe-url/xhr/cross-http.keep-origin.http.html.ini
diff --git a/...adata/referrer-policy/gen/top.http-rp/unsafe-url/xhr/cross-http.no-redirect.http.html.ini b/...adata/referrer-policy/gen/top.http-rp/unsafe-url/xhr/cross-http.no-redirect.http.html.ini
diff --git a/...adata/referrer-policy/gen/top.http-rp/unsafe-url/xhr/cross-http.swap-origin.http.html.ini b/...adata/referrer-policy/gen/top.http-rp/unsafe-url/xhr/cross-http.swap-origin.http.html.ini
diff --git a/...data/referrer-policy/gen/top.http-rp/unsafe-url/xhr/cross-https.keep-origin.http.html.ini b/...data/referrer-policy/gen/top.http-rp/unsafe-url/xhr/cross-https.keep-origin.http.html.ini
diff --git a/...data/referrer-policy/gen/top.http-rp/unsafe-url/xhr/cross-https.no-redirect.http.html.ini b/...data/referrer-policy/gen/top.http-rp/unsafe-url/xhr/cross-https.no-redirect.http.html.ini
diff --git a/...data/referrer-policy/gen/top.http-rp/unsafe-url/xhr/cross-https.swap-origin.http.html.ini b/...data/referrer-policy/gen/top.http-rp/unsafe-url/xhr/cross-https.swap-origin.http.html.ini
diff --git a/...tadata/referrer-policy/gen/top.http-rp/unsafe-url/xhr/same-http.keep-origin.http.html.ini b/...tadata/referrer-policy/gen/top.http-rp/unsafe-url/xhr/same-http.keep-origin.http.html.ini
diff --git a/...tadata/referrer-policy/gen/top.http-rp/unsafe-url/xhr/same-http.no-redirect.http.html.ini b/...tadata/referrer-policy/gen/top.http-rp/unsafe-url/xhr/same-http.no-redirect.http.html.ini
diff --git a/...tadata/referrer-policy/gen/top.http-rp/unsafe-url/xhr/same-http.swap-origin.http.html.ini b/...tadata/referrer-policy/gen/top.http-rp/unsafe-url/xhr/same-http.swap-origin.http.html.ini
diff --git a/...adata/referrer-policy/gen/top.http-rp/unsafe-url/xhr/same-https.keep-origin.http.html.ini b/...adata/referrer-policy/gen/top.http-rp/unsafe-url/xhr/same-https.keep-origin.http.html.ini
diff --git a/...adata/referrer-policy/gen/top.http-rp/unsafe-url/xhr/same-https.no-redirect.http.html.ini b/...adata/referrer-policy/gen/top.http-rp/unsafe-url/xhr/same-https.no-redirect.http.html.ini
diff --git a/...adata/referrer-policy/gen/top.http-rp/unsafe-url/xhr/same-https.swap-origin.http.html.ini b/...adata/referrer-policy/gen/top.http-rp/unsafe-url/xhr/same-https.swap-origin.http.html.ini
diff --git a/...ata/referrer-policy/gen/top.http-rp/unset/script-tag/cross-http.keep-origin.http.html.ini b/...ata/referrer-policy/gen/top.http-rp/unset/script-tag/cross-http.keep-origin.http.html.ini
diff --git a/...ata/referrer-policy/gen/top.http-rp/unset/script-tag/cross-http.no-redirect.http.html.ini b/...ata/referrer-policy/gen/top.http-rp/unset/script-tag/cross-http.no-redirect.http.html.ini
diff --git a/...ata/referrer-policy/gen/top.http-rp/unset/script-tag/cross-http.swap-origin.http.html.ini b/...ata/referrer-policy/gen/top.http-rp/unset/script-tag/cross-http.swap-origin.http.html.ini
diff --git a/...ta/referrer-policy/gen/top.http-rp/unset/script-tag/cross-https.keep-origin.http.html.ini b/...ta/referrer-policy/gen/top.http-rp/unset/script-tag/cross-https.keep-origin.http.html.ini