mirror of
https://github.com/servo/servo.git
synced 2025-08-03 04:30:10 +01:00
Limit referer header value length to 4096
parent
4cdfe23cc8
commit
c54df2b965
170 changed files with 49 additions and 674 deletions
|
@ -195,13 +195,15 @@ fn strict_origin_when_cross_origin(referrer_url: ServoUrl, url: ServoUrl) -> Opt
|
|||
|
||||
/// <https://w3c.github.io/webappsec-referrer-policy/#strip-url>
|
||||
fn strip_url(mut referrer_url: ServoUrl, origin_only: bool) -> Option<ServoUrl> {
|
||||
const MAX_REFERRER_URL_LENGTH: usize = 4096;
|
||||
if referrer_url.scheme() == "https" || referrer_url.scheme() == "http" {
|
||||
{
|
||||
let referrer = referrer_url.as_mut_url();
|
||||
referrer.set_username("").unwrap();
|
||||
referrer.set_password(None).unwrap();
|
||||
referrer.set_fragment(None);
|
||||
if origin_only {
|
||||
// Limit `referer` header's value to 4k <https://github.com/w3c/webappsec-referrer-policy/pull/122>
|
||||
if origin_only || referrer.as_str().len() > MAX_REFERRER_URL_LENGTH {
|
||||
referrer.set_path("");
|
||||
referrer.set_query(None);
|
||||
}
|
||||
|
|
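Review bot: The `///` link above `strip_url` still points only at the spec's strip-url algorithm, but the new `referrer.as_str().len() > MAX_REFERRER_URL_LENGTH` branch also applies the 4096 cap, which the Referrer Policy spec places in "determine request's referrer", so the doc no longer describes everything the function returns. I would add a doc line such as `/// Also falls back to the origin when the stripped URL serializes to more than 4096 bytes, so an oversized Referer never carries the path or query.` If `strip_url` has callers that do not want this fallback (none are visible in this hunk), the length check belongs at the call site instead. A boundary test at exactly 4096 and at 4097 bytes would pin the `>` comparison; the function body continues past the end of the hunk.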