[prev in list] [next in list] [prev in thread] [next in thread]
List: kfm-devel
Subject: Re: Fwd: Bug#27935: [PATCH] Anonymous Referrer Implementation
From: David Faure <david () mandrakesoft ! com>
Date: 2001-07-01 17:24:16
[Download RAW message or body]
Hmm, this throws away the recent referrer fixes :(
Anyway, aren't there sites that need a better referrer than that ?
For instance the one from the last bugreport needed more than that, no ?
On Saturday 30 June 2001 21:25, Stephan Kulow wrote:
> ---------- Forwarded Message ----------
>
> Subject: Bug#27935: [PATCH] Anonymous Referrer Implementation
> Date: Sat, 30 Jun 2001 19:19:54 +0000
> From: eperez@dei.inf.uc3m.es
> To: submit@bugs.kde.org
>
> Package: kdelibs
> Version: 2.1.2
>
> I have coded the http Referer Anonymously.
>
> The solution is sending for the URL http://www.server.com/path/file.ext
> Referer: http://www.server.com/path/
>
> This won't break very broken servers that need Referer
> and this path will keep user anonymity.
>
> Could you have a look at this patch prior patching it in kdelibs ?
> It may be better ways of getting the http://www.server.com/path/
> from http://www.server.com/path/file.ext
>
> I don't know if touching DOM is a good idea, so you may not apply that part
> of the patch.
> But removing the referrer metadata and sending always the referrer in
> kio/http/http.cc it's a good idea.
>
> Sending the referrer this way also helps getting the URL from other bookmark
> without navigating the entire site on servers that need the referer and
> without it they send you to the start page.
> Also, command line clients (like lftp) use this approach as it allows
> getting these pages that without referrer is impossible to get.
>
>
> diff -ur old/kdelibs-2.1.2/khtml/SECURITY new/kdelibs-2.1.2/khtml/SECURITY
> --- old/kdelibs-2.1.2/khtml/SECURITY Fri May 26 14:20:24 2000
> +++ new/kdelibs-2.1.2/khtml/SECURITY Fri Jun 29 21:46:48 2001
> @@ -18,8 +18,8 @@
> HTTPS. (OK. The current implementation does not allow redirects to other
> protocols)
>
> -* We should provide a HTTP referer header iff the referer is on the same
> host -as the requested object. (We currently don't support referer headers)
> +* We provide a HTTP referrer header as the URL without the filename + this
> keeps user privacy and works with broken servers that need the referrer
>
> * Either a) Don't allow POST or GET actions from javascript.
> or b) _Always_ ask the user for confirmation when javascript requests a
> diff -ur old/kdelibs-2.1.2/khtml/dom/html_document.cpp
> new/kdelibs-2.1.2/khtml/dom/html_document.cpp ---
> old/kdelibs-2.1.2/khtml/dom/html_document.cpp Fri Jan 26 06:18:26 2001 +++
> new/kdelibs-2.1.2/khtml/dom/html_document.cpp Fri Jun 29 21:43:47 2001 @@
> -110,12 +110,6 @@
> // ###
> }
>
> -DOMString HTMLDocument::referrer() const
> -{
> - if(!impl) return 0;
> - return ((HTMLDocumentImpl *)impl)->referrer();
> -}
> -
> DOMString HTMLDocument::domain() const
> {
> if(!impl) return 0;
> diff -ur old/kdelibs-2.1.2/khtml/dom/html_document.h
> new/kdelibs-2.1.2/khtml/dom/html_document.h ---
> old/kdelibs-2.1.2/khtml/dom/html_document.h Mon Aug 21 13:46:01 2000 +++
> new/kdelibs-2.1.2/khtml/dom/html_document.h Fri Jun 29 21:42:57 2001 @@
> -106,14 +106,6 @@
> void setTitle( const DOMString & );
>
> /**
> - * Returns the URI of the page that linked to this page. The value
> - * is an empty string if the user navigated to the page directly
> - * (not through a link, but, for example, via a bookmark).
> - *
> - */
> - DOMString referrer() const;
> -
> - /**
> * The domain name of the server that served the document, or a
> * null string if the server cannot be identified by a domain
> * name.
> diff -ur old/kdelibs-2.1.2/khtml/ecma/kjs_html.cpp
> new/kdelibs-2.1.2/khtml/ecma/kjs_html.cpp ---
> old/kdelibs-2.1.2/khtml/ecma/kjs_html.cpp Mon Mar 12 00:46:24 2001 +++
> new/kdelibs-2.1.2/khtml/ecma/kjs_html.cpp Fri Jun 29 21:42:00 2001 @@ -179,7
> +179,7 @@
> if (p == "title")
> return getString(doc.title());
> else if (p == "referrer")
> - return String(doc.referrer());
> + return String(doc.URL());
> else if (p == "domain")
> return getString(doc.domain());
> else if (p == "URL")
> diff -ur old/kdelibs-2.1.2/khtml/html/html_documentimpl.cpp
> new/kdelibs-2.1.2/khtml/html/html_documentimpl.cpp ---
> old/kdelibs-2.1.2/khtml/html/html_documentimpl.cpp Fri Feb 9 02:40:32 2001
> +++ new/kdelibs-2.1.2/khtml/html/html_documentimpl.cpp Fri Jun 29 21:40:18
> 2001 @@ -95,12 +95,6 @@
> {
> }
>
> -DOMString HTMLDocumentImpl::referrer() const
> -{
> - // ### should we fix that? I vote against for privacy reasons
> - return DOMString();
> -}
> -
> DOMString HTMLDocumentImpl::domain() const
> {
> // ### do they want the host or the domain????
> diff -ur old/kdelibs-2.1.2/khtml/html/html_documentimpl.h
> new/kdelibs-2.1.2/khtml/html/html_documentimpl.h ---
> old/kdelibs-2.1.2/khtml/html/html_documentimpl.h Fri Feb 9 02:40:32 2001
> +++ new/kdelibs-2.1.2/khtml/html/html_documentimpl.h Fri Jun 29 21:38:33
> 2001 @@ -56,7 +56,6 @@
>
> virtual bool isHTMLDocument() const { return true; }
>
> - DOMString referrer() const;
> DOMString domain() const;
>
> HTMLElementImpl *body();
> diff -ur old/kdelibs-2.1.2/khtml/khtml_part.cpp
> new/kdelibs-2.1.2/khtml/khtml_part.cpp ---
> old/kdelibs-2.1.2/khtml/khtml_part.cpp Wed Apr 25 00:38:46 2001
> +++ new/kdelibs-2.1.2/khtml/khtml_part.cpp Fri Jun 29 21:34:55 2001
> @@ -2215,7 +2215,6 @@
> khtml::ChildFrame *frame = recursiveFrameRequest( cURL, args, false );
> if ( frame )
> {
> - args.metaData()["referrer"]=m_url.url();
> requestObject( frame, cURL, args );
> return;
> }
> @@ -2230,8 +2229,6 @@
> // cached images, but the khtml image cache can't handle that yet.
> args.reload = true;
> }
> - if (!m_url.url().isEmpty())
> - args.metaData()["referrer"]=m_url.url();
> emit d->m_extension->openURLRequest( cURL, args );
> }
>
> @@ -2473,8 +2470,6 @@
>
> child->m_args = args;
> child->m_serviceName = QString::null;
> - if (!m_url.isEmpty())
> - child->m_args.metaData()["referrer"] = m_url.url();
>
> if ( args.serviceType.isEmpty() ) {
> child->m_run = new KHTMLRun( this, child, url, child->m_args );
> @@ -2687,8 +2682,6 @@
>
> KParts::URLArgs args;
>
> - if (!m_url.isEmpty())
> - args.metaData()["referrer"] = m_url.url();
> if ( strcmp( action, "get" ) == 0 )
> {
> u.setQuery( QString::fromLatin1( formData.data(), formData.size() ) );
> diff -ur old/kdelibs-2.1.2/khtml/misc/loader.cpp
> new/kdelibs-2.1.2/khtml/misc/loader.cpp ---
> old/kdelibs-2.1.2/khtml/misc/loader.cpp Wed Apr 25 00:38:49 2001 +++
> new/kdelibs-2.1.2/khtml/misc/loader.cpp Fri Jun 29 21:37:20 2001 @@ -837,7
> +837,6 @@
>
> if (!req->object->accept().isEmpty())
> job->addMetaData("accept", req->object->accept());
> - job->addMetaData("referrer", req->m_baseURL.string());
>
> connect( job, SIGNAL( result( KIO::Job * ) ), this, SLOT( slotFinished(
> KIO::Job * ) ) ); connect( job, SIGNAL( data( KIO::Job*, const QByteArray
> &)),
> diff -ur old/kdelibs-2.1.2/kio/DESIGN.metadata
> new/kdelibs-2.1.2/kio/DESIGN.metadata ---
> old/kdelibs-2.1.2/kio/DESIGN.metadata Thu Jan 25 00:57:39 2001
> +++ new/kdelibs-2.1.2/kio/DESIGN.metadata Fri Jun 29 21:30:21 2001
> @@ -11,8 +11,6 @@
> Key Value(s) Description
> ---- -------- -----------
>
> -referrer string The URL from which the request originates.
> (read by http) -
> modified string The modification date of the document (set
> by http)
>
> accept string List of mimetypes to accept seperated by a
> ", ". (read by http) diff -ur old/kdelibs-2.1.2/kio/job.h
> new/kdelibs-2.1.2/kio/job.h
> --- old/kdelibs-2.1.2/kio/job.h Tue Jan 9 21:27:27 2001
> +++ new/kdelibs-2.1.2/kio/job.h Fri Jun 29 21:29:35 2001
> @@ -161,7 +161,6 @@
> * Example:
> * job = KIO::http_post( url, postData, false );
> * job->addMetaData("content-type", contentType );
> - * job->addMetaData("referrer", referrerURL);
> *
> * @p postData is the data that you want to send and
> * @p contentType is the format of that data.
> --- old/kdelibs-2.1.2/kio/http/http.cc Wed Apr 25 00:38:54 2001
> +++ new/kdelibs-2.1.2/kio/http/http.cc Sat Jun 29 21:38:21 2001
> @@ -885,13 +885,14 @@
> if( !agent.isEmpty() )
> header += "User-Agent: " + agent + "\r\n";
>
> - QString referrer = metaData("referrer");
> - if (!referrer.isEmpty())
> - {
> - // HTTP uses "Referer" although the correct
> - // spelling is "referrer"
> - header += "Referer: "+referrer+"\r\n";
> - }
> + // HTTP uses "Referer" although the correct
> + // spelling is "referrer"
> + // for privacy reasons we send the URL without the filename
> + header += "Referer: ";
> + header += (m_protocol == "ftp") ? "ftp://" : "http://";
> + header += m_request.url.host();
> + QString url_path = m_request.url.encodedPathAndQuery(0, true);
> + header += url_path.left(url_path.findRev('/')+1) + "\r\n";
>
> // Adjust the offset value based on the "resume"
> // meta-data.
>
> -------------------------------------------------------
>
> --
> People in cars cause accidents. Accidents in cars cause people.
>
>
--
David FAURE, david@mandrakesoft.com, faure@kde.org
http://perso.mandrakesoft.com/~david/, http://www.konqueror.org/
KDE, Making The Future of Computing Available Today
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic