Auto merge of #24531 - teapotd:referer-length-limit, r=nox

Limit the referer header's value length to 4096

If the referer header's value is a URL with a length of more than 4k, strip it down to an origin.
This change reflects [w3c/webappsec-referrer-policy#122](https://github.com/w3c/webappsec-referrer-policy/pull/122)

---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix #24515
- [X] There are tests for these changes

<!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.-->

<!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->
This commit is contained in:
bors-servo 2019-10-24 16:18:50 -04:00 committed by GitHub
commit 07abea0707
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
170 changed files with 49 additions and 674 deletions


@ -195,13 +195,15 @@ fn strict_origin_when_cross_origin(referrer_url: ServoUrl, url: ServoUrl) -> Opt
/// <https://w3c.github.io/webappsec-referrer-policy/#strip-url>
fn strip_url(mut referrer_url: ServoUrl, origin_only: bool) -> Option<ServoUrl> {
const MAX_REFERRER_URL_LENGTH: usize = 4096;
if referrer_url.scheme() == "https" || referrer_url.scheme() == "http" {
{
let referrer = referrer_url.as_mut_url();
referrer.set_username("").unwrap();
referrer.set_password(None).unwrap();
referrer.set_fragment(None);
if origin_only {
// Limit `referer` header's value to 4k <https://github.com/w3c/webappsec-referrer-policy/pull/122>
if origin_only || referrer.as_str().len() > MAX_REFERRER_URL_LENGTH {
referrer.set_path("");
referrer.set_query(None);
}
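Review bot: The doc comment on `strip_url` still cites only `#strip-url`, so a reader will not learn that this function now also implements the 4k origin-only fallback, nor that the comparison on the `referrer.as_str().len() > MAX_REFERRER_URL_LENGTH` line is made on the serialization after username, password and fragment have already been removed (which is the order a caller would want, since a URL that only exceeds the limit because of its fragment is not needlessly reduced). Suggested doc: `/// Strips credentials and fragment per <https://w3c.github.io/webappsec-referrer-policy/#strip-url>; if the stripped serialization is still longer than MAX_REFERRER_URL_LENGTH bytes the referrer is reduced to its origin (w3c/webappsec-referrer-policy#122).` It is also worth stating on the new comment line that `as_str().len()` counts bytes of the percent-encoded serialization, not characters, so the threshold is a byte limit: `// Limit the referer value to 4096 bytes of serialized URL (not code points) <...>`. The body of `strip_url` continues past the end of this section.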


@ -27,11 +27,12 @@ use hyper::{Request as HyperRequest, Response as HyperResponse};
use msg::constellation_msg::TEST_PIPELINE_ID;
use net::cookie::Cookie;
use net::cookie_storage::CookieStorage;
use net::http_loader::determine_request_referrer;
use net::resource_thread::AuthCacheEntry;
use net::test::replace_host_table;
use net_traits::request::{CredentialsMode, Destination, RequestBuilder, RequestMode};
use net_traits::response::ResponseBody;
use net_traits::{CookieSource, NetworkError};
use net_traits::{CookieSource, NetworkError, ReferrerPolicy};
use servo_url::{ImmutableOrigin, ServoUrl};
use std::collections::HashMap;
use std::io::Write;
@ -1421,3 +1422,47 @@ fn test_origin_set() {
let _ = server.close();
}
#[test]
fn test_determine_request_referrer_shorter_than_4k() {
let mut headers = HeaderMap::new();
let referrer_source =
ServoUrl::parse("http://username:password@example.com/such/short/referer?query#fragment")
.unwrap();
let current_url = ServoUrl::parse("http://example.com/current/url").unwrap();
let referer = determine_request_referrer(
&mut headers,
ReferrerPolicy::UnsafeUrl,
referrer_source,
current_url,
);
assert_eq!(
referer.unwrap().as_str(),
"http://example.com/such/short/referer?query"
);
}
#[test]
fn test_determine_request_referrer_longer_than_4k() {
let long_url_str = format!(
"http://username:password@example.com/such/{}/referer?query#fragment",
"long".repeat(1024)
);
let mut headers = HeaderMap::new();
let referrer_source = ServoUrl::parse(&long_url_str).unwrap();
let current_url = ServoUrl::parse("http://example.com/current/url").unwrap();
let referer = determine_request_referrer(
&mut headers,
ReferrerPolicy::UnsafeUrl,
referrer_source,
current_url,
);
assert_eq!(referer.unwrap().as_str(), "http://example.com/");
}
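Review bot: The two new tests pin only the far sides of the limit (a short URL and one several hundred bytes over), so nothing distinguishes the `>` comparison the implementation uses from a `>=` that a later refactor might introduce; a URL whose stripped serialization is exactly 4096 bytes should still be passed through in full. Since `test_determine_request_referrer_longer_than_4k` builds its input with credentials and a fragment, it also does not show whether a URL that crosses the limit only because of those stripped components is kept intact, which the ordering in `strip_url` implies it should be. Suggest adding a boundary test along the lines below; the function `test_origin_set` whose closing lines open this section starts outside the hunk.
```rust
#[test]
fn test_determine_request_referrer_exactly_4k_is_kept() {
    // "http://example.com/" is 19 bytes; pad the path so the stripped
    // serialization is exactly MAX_REFERRER_URL_LENGTH bytes long.
    let prefix = "http://example.com/";
    let pad = "a".repeat(4096 - prefix.len());
    let mut headers = HeaderMap::new();
    let referrer_source = ServoUrl::parse(&format!("{}{}", prefix, pad)).unwrap();
    let current_url = ServoUrl::parse("http://example.com/current/url").unwrap();
    let referer = determine_request_referrer(
        &mut headers,
        ReferrerPolicy::UnsafeUrl,
        referrer_source,
        current_url,
    );
    let referer = referer.unwrap();
    assert_eq!(referer.as_str().len(), 4096);
    assert!(referer.as_str().starts_with("http://example.com/aaaa"));
}
```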


@ -1,4 +0,0 @@
[cross-http.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-http.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-http.swap-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-https.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-https.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-https.swap-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-http.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-http.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-http.swap-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-https.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-https.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-https.swap-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-http.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-http.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-http.swap-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-https.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-https.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-https.swap-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-http.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-http.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-http.swap-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-https.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-https.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-https.swap-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-http.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-http.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-http.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-http.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-http.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-http.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-http.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-http.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-http.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-http.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-http.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-http.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-http.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-http.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-http.swap-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-https.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-https.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-https.swap-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-http.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-http.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-http.swap-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-https.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-https.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-https.swap-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-http.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-http.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-http.swap-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-https.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-https.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-https.swap-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-http.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-http.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-http.swap-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-https.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-https.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-https.swap-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-http.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-http.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-http.swap-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-https.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-https.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-https.swap-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-http.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-http.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-http.swap-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-https.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-https.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-https.swap-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-http.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-http.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-http.swap-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-https.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-https.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-https.swap-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-http.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-http.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-http.swap-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-https.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-https.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-https.swap-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-http.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-http.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-http.swap-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-https.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-https.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-https.swap-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-http.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-http.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-http.swap-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-https.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-https.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[same-https.swap-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-http.keep-origin.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL


@ -1,4 +0,0 @@
[cross-http.no-redirect.http.html]
[`Referer` header with length > 4k is stripped to an origin.]
expected: FAIL
