[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-bugs-dist
Subject: Bug#27935: [PATCH] Anonymous Referrer Implementation
From: eperez () dei ! inf ! uc3m ! es
Date: 2001-06-30 19:19:54
[Download RAW message or body]
Package: kdelibs
Version: 2.1.2
I have coded the http Referer Anonymously.
The solution is sending for the URL http://www.server.com/path/file.ext
Referer: http://www.server.com/path/
This won't break very broken servers that need Referer
and this path will keep user anonymity.
Could you have a look at this patch prior patching it in kdelibs ?
It may be better ways of getting the http://www.server.com/path/
from http://www.server.com/path/file.ext
I don't know if touching DOM is a good idea, so you may not apply that part
of the patch.
But removing the referrer metadata and sending always the referrer in
kio/http/http.cc it's a good idea.
Sending the referrer this way also helps getting the URL from other bookmark
without navigating the entire site on servers that need the referer and without
it they send you to the start page.
Also, command line clients (like lftp) use this approach as it allows
getting these pages that without referrer is impossible to get.
diff -ur old/kdelibs-2.1.2/khtml/SECURITY new/kdelibs-2.1.2/khtml/SECURITY
--- old/kdelibs-2.1.2/khtml/SECURITY Fri May 26 14:20:24 2000
+++ new/kdelibs-2.1.2/khtml/SECURITY Fri Jun 29 21:46:48 2001
@@ -18,8 +18,8 @@
HTTPS. (OK. The current implementation does not allow redirects to other
protocols)
-* We should provide a HTTP referer header iff the referer is on the same host
-as the requested object. (We currently don't support referer headers)
+* We provide a HTTP referrer header as the URL without the filename
+ this keeps user privacy and works with broken servers that need the referrer
* Either a) Don't allow POST or GET actions from javascript.
or b) _Always_ ask the user for confirmation when javascript requests a
diff -ur old/kdelibs-2.1.2/khtml/dom/html_document.cpp \
new/kdelibs-2.1.2/khtml/dom/html_document.cpp
--- old/kdelibs-2.1.2/khtml/dom/html_document.cpp Fri Jan 26 06:18:26 2001
+++ new/kdelibs-2.1.2/khtml/dom/html_document.cpp Fri Jun 29 21:43:47 2001
@@ -110,12 +110,6 @@
// ###
}
-DOMString HTMLDocument::referrer() const
-{
- if(!impl) return 0;
- return ((HTMLDocumentImpl *)impl)->referrer();
-}
-
DOMString HTMLDocument::domain() const
{
if(!impl) return 0;
diff -ur old/kdelibs-2.1.2/khtml/dom/html_document.h \
new/kdelibs-2.1.2/khtml/dom/html_document.h
--- old/kdelibs-2.1.2/khtml/dom/html_document.h Mon Aug 21 13:46:01 2000
+++ new/kdelibs-2.1.2/khtml/dom/html_document.h Fri Jun 29 21:42:57 2001
@@ -106,14 +106,6 @@
void setTitle( const DOMString & );
/**
- * Returns the URI of the page that linked to this page. The value
- * is an empty string if the user navigated to the page directly
- * (not through a link, but, for example, via a bookmark).
- *
- */
- DOMString referrer() const;
-
- /**
* The domain name of the server that served the document, or a
* null string if the server cannot be identified by a domain
* name.
diff -ur old/kdelibs-2.1.2/khtml/ecma/kjs_html.cpp \
new/kdelibs-2.1.2/khtml/ecma/kjs_html.cpp
--- old/kdelibs-2.1.2/khtml/ecma/kjs_html.cpp Mon Mar 12 00:46:24 2001
+++ new/kdelibs-2.1.2/khtml/ecma/kjs_html.cpp Fri Jun 29 21:42:00 2001
@@ -179,7 +179,7 @@
if (p == "title")
return getString(doc.title());
else if (p == "referrer")
- return String(doc.referrer());
+ return String(doc.URL());
else if (p == "domain")
return getString(doc.domain());
else if (p == "URL")
diff -ur old/kdelibs-2.1.2/khtml/html/html_documentimpl.cpp \
new/kdelibs-2.1.2/khtml/html/html_documentimpl.cpp
--- old/kdelibs-2.1.2/khtml/html/html_documentimpl.cpp Fri Feb 9 02:40:32 2001
+++ new/kdelibs-2.1.2/khtml/html/html_documentimpl.cpp Fri Jun 29 21:40:18 2001
@@ -95,12 +95,6 @@
{
}
-DOMString HTMLDocumentImpl::referrer() const
-{
- // ### should we fix that? I vote against for privacy reasons
- return DOMString();
-}
-
DOMString HTMLDocumentImpl::domain() const
{
// ### do they want the host or the domain????
diff -ur old/kdelibs-2.1.2/khtml/html/html_documentimpl.h \
new/kdelibs-2.1.2/khtml/html/html_documentimpl.h
--- old/kdelibs-2.1.2/khtml/html/html_documentimpl.h Fri Feb 9 02:40:32 2001
+++ new/kdelibs-2.1.2/khtml/html/html_documentimpl.h Fri Jun 29 21:38:33 2001
@@ -56,7 +56,6 @@
virtual bool isHTMLDocument() const { return true; }
- DOMString referrer() const;
DOMString domain() const;
HTMLElementImpl *body();
diff -ur old/kdelibs-2.1.2/khtml/khtml_part.cpp \
new/kdelibs-2.1.2/khtml/khtml_part.cpp
--- old/kdelibs-2.1.2/khtml/khtml_part.cpp Wed Apr 25 00:38:46 2001
+++ new/kdelibs-2.1.2/khtml/khtml_part.cpp Fri Jun 29 21:34:55 2001
@@ -2215,7 +2215,6 @@
khtml::ChildFrame *frame = recursiveFrameRequest( cURL, args, false );
if ( frame )
{
- args.metaData()["referrer"]=m_url.url();
requestObject( frame, cURL, args );
return;
}
@@ -2230,8 +2229,6 @@
// cached images, but the khtml image cache can't handle that yet.
args.reload = true;
}
- if (!m_url.url().isEmpty())
- args.metaData()["referrer"]=m_url.url();
emit d->m_extension->openURLRequest( cURL, args );
}
@@ -2473,8 +2470,6 @@
child->m_args = args;
child->m_serviceName = QString::null;
- if (!m_url.isEmpty())
- child->m_args.metaData()["referrer"] = m_url.url();
if ( args.serviceType.isEmpty() ) {
child->m_run = new KHTMLRun( this, child, url, child->m_args );
@@ -2687,8 +2682,6 @@
KParts::URLArgs args;
- if (!m_url.isEmpty())
- args.metaData()["referrer"] = m_url.url();
if ( strcmp( action, "get" ) == 0 )
{
u.setQuery( QString::fromLatin1( formData.data(), formData.size() ) );
diff -ur old/kdelibs-2.1.2/khtml/misc/loader.cpp \
new/kdelibs-2.1.2/khtml/misc/loader.cpp
--- old/kdelibs-2.1.2/khtml/misc/loader.cpp Wed Apr 25 00:38:49 2001
+++ new/kdelibs-2.1.2/khtml/misc/loader.cpp Fri Jun 29 21:37:20 2001
@@ -837,7 +837,6 @@
if (!req->object->accept().isEmpty())
job->addMetaData("accept", req->object->accept());
- job->addMetaData("referrer", req->m_baseURL.string());
connect( job, SIGNAL( result( KIO::Job * ) ), this, SLOT( slotFinished( KIO::Job * \
) ) ); connect( job, SIGNAL( data( KIO::Job*, const QByteArray &)),
diff -ur old/kdelibs-2.1.2/kio/DESIGN.metadata new/kdelibs-2.1.2/kio/DESIGN.metadata
--- old/kdelibs-2.1.2/kio/DESIGN.metadata Thu Jan 25 00:57:39 2001
+++ new/kdelibs-2.1.2/kio/DESIGN.metadata Fri Jun 29 21:30:21 2001
@@ -11,8 +11,6 @@
Key Value(s) Description
---- -------- -----------
-referrer string The URL from which the request originates. (read by \
http)
-
modified string The modification date of the document (set by http)
accept string List of mimetypes to accept seperated by a ", ". \
(read by http)
diff -ur old/kdelibs-2.1.2/kio/job.h new/kdelibs-2.1.2/kio/job.h
--- old/kdelibs-2.1.2/kio/job.h Tue Jan 9 21:27:27 2001
+++ new/kdelibs-2.1.2/kio/job.h Fri Jun 29 21:29:35 2001
@@ -161,7 +161,6 @@
* Example:
* job = KIO::http_post( url, postData, false );
* job->addMetaData("content-type", contentType );
- * job->addMetaData("referrer", referrerURL);
*
* @p postData is the data that you want to send and
* @p contentType is the format of that data.
--- old/kdelibs-2.1.2/kio/http/http.cc Wed Apr 25 00:38:54 2001
+++ new/kdelibs-2.1.2/kio/http/http.cc Sat Jun 29 21:38:21 2001
@@ -885,13 +885,14 @@
if( !agent.isEmpty() )
header += "User-Agent: " + agent + "\r\n";
- QString referrer = metaData("referrer");
- if (!referrer.isEmpty())
- {
- // HTTP uses "Referer" although the correct
- // spelling is "referrer"
- header += "Referer: "+referrer+"\r\n";
- }
+ // HTTP uses "Referer" although the correct
+ // spelling is "referrer"
+ // for privacy reasons we send the URL without the filename
+ header += "Referer: ";
+ header += (m_protocol == "ftp") ? "ftp://" : "http://";
+ header += m_request.url.host();
+ QString url_path = m_request.url.encodedPathAndQuery(0, true);
+ header += url_path.left(url_path.findRev('/')+1) + "\r\n";
// Adjust the offset value based on the "resume"
// meta-data.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic