Fix for FS#270 - Bugs with stripping referer

The referer is now checked more strictly against the host.
If setting 'referer' is set to 'same-domain', it now checks
it against the public-suffix, so referers can be sent between
subdomains.

If 'referer' is set to 'same-fqdn' (NEW) the FQDN's must match
strictly.

4 files changed, 31 insertions, 3 deletions

diff --git a/settings.c b/settings.c
index 5f68b3f..2a847de 100644
--- a/settings.c
+++ b/settings.c
@@ -1103,6 +1103,8 @@ get_referer(struct settings *s)
 		return (g_strdup("never"));
 	if (referer_mode == XT_REFERER_SAME_DOMAIN)
 		return (g_strdup("same-domain"));
+	if (referer_mode == XT_REFERER_SAME_FQDN)
+		return (g_strdup("same-fqdn"));
 	if (referer_mode == XT_REFERER_CUSTOM)
 		return (g_strdup(referer_custom));
 	return (NULL);
@@ -1120,6 +1122,8 @@ set_referer(struct settings *s, char *value)
 		referer_mode = XT_REFERER_NEVER;
 	else if (!strcmp(value, "same-domain"))
 		referer_mode = XT_REFERER_SAME_DOMAIN;
+	else if (!strcmp(value, "same-fqdn"))
+		referer_mode = XT_REFERER_SAME_FQDN;
 	else if (!valid_url_type(value)) {
 		referer_mode = XT_REFERER_CUSTOM;
 		referer_custom = g_strdup(value);
diff --git a/xxxterm.1 b/xxxterm.1
index 7b5275a..0aaaed9 100644
--- a/xxxterm.1
+++ b/xxxterm.1
@@ -1208,7 +1208,9 @@ Control how 'Referer' is handled in http-requests.
 always      - always send referer
 never       - never send referer
 same-domain - only send referer if it's
-              for the same domain
+              for the same public suffix - this means that
+              it's ok for subdomains to refer to each other
+same-fqdn   - only send referer if it's FQDN match
 .Ed
 Any other value that is also a valid URL will use this
 custom value as referer. (E.g. you could set it to http://no-referer.com)
diff --git a/xxxterm.c b/xxxterm.c
index ad43a2a..ac2d335 100644
--- a/xxxterm.c
+++ b/xxxterm.c
@@ -4388,8 +4388,12 @@ session_rq_cb(SoupSession *s, SoupMessage *msg, SoupSocket *socket,
     gpointer data)
 {
 	SoupURI			*dest;
+	SoupURI			*ref_uri;
 	const char		*ref;
 
+	char			*ref_suffix;
+	char			*dest_suffix;
+
 	if (s == NULL || msg == NULL)
 		return;
 
@@ -4407,15 +4411,32 @@ session_rq_cb(SoupSession *s, SoupMessage *msg, SoupSocket *socket,
 			    "Referer");
 			break;
 		case XT_REFERER_SAME_DOMAIN:
+			ref_uri = soup_uri_new(ref);
 			dest = soup_message_get_uri(msg);
 
-			if (dest && !strstr(ref, dest->host)) {
+			ref_suffix = tld_get_suffix(ref_uri->host);
+			dest_suffix = tld_get_suffix(dest->host);
+
+			if (dest && strcmp(ref_suffix, dest_suffix) != 0) {
+				soup_message_headers_remove(msg->request_headers,
+				    "Referer");
+				DNPRINTF(XT_D_NAV, "session_rq_cb: removing "
+				    "referer (not same domain) (suffixes: %s - %s)\n",
+				    ref_suffix, dest_suffix);
+			}
+			soup_uri_free(ref_uri);
+			break;
+		case XT_REFERER_SAME_FQDN:
+			ref_uri = soup_uri_new(ref);
+			dest = soup_message_get_uri(msg);
+			if (dest && strcmp(ref_uri->host, dest->host) != 0) {
 				soup_message_headers_remove(msg->request_headers,
 				    "Referer");
 				DNPRINTF(XT_D_NAV, "session_rq_cb: removing "
-				    "referer (not same domain) (should be %s)\n",
+				    "referer (not same fqdn) (should be %s)\n",
 				    dest->host);
 			}
+			soup_uri_free(ref_uri);
 			break;
 		case XT_REFERER_CUSTOM:
 			DNPRINTF(XT_D_NAV, "session_rq_cb: setting referer "
diff --git a/xxxterm.h b/xxxterm.h
index 6555aec..f546256 100644
--- a/xxxterm.h
+++ b/xxxterm.h
@@ -517,6 +517,7 @@ int		fork_exec(struct tab *, char *, const gchar *, char *, int);
 #define XT_REFERER_NEVER	(1)
 #define XT_REFERER_SAME_DOMAIN	(2)
 #define XT_REFERER_CUSTOM	(3)
+#define XT_REFERER_SAME_FQDN	(4)
 
 #define CTRL			GDK_CONTROL_MASK
 #define MOD1			GDK_MOD1_MASK