Limit referer header value length to 4096

2025-08-06 06:00:15 +01:00 · 2019-10-23 21:16:02 +02:00 · 2019-10-23 21:16:02 +02:00 · c54df2b965
commit c54df2b965
parent 4cdfe23cc8
170 changed files with 49 additions and 674 deletions
--- a/components/net/http_loader.rs
+++ b/components/net/http_loader.rs
@ -195,13 +195,15 @@ fn strict_origin_when_cross_origin(referrer_url: ServoUrl, url: ServoUrl) -> Opt

 /// <https://w3c.github.io/webappsec-referrer-policy/#strip-url>
 fn strip_url(mut referrer_url: ServoUrl, origin_only: bool) -> Option<ServoUrl> {
+    const MAX_REFERRER_URL_LENGTH: usize = 4096;
    if referrer_url.scheme() == "https" || referrer_url.scheme() == "http" {
        {
            let referrer = referrer_url.as_mut_url();
            referrer.set_username("").unwrap();
            referrer.set_password(None).unwrap();
            referrer.set_fragment(None);
-            if origin_only {
+            // Limit `referer` header's value to 4k <https://github.com/w3c/webappsec-referrer-policy/pull/122>
+            if origin_only || referrer.as_str().len() > MAX_REFERRER_URL_LENGTH {
                referrer.set_path("");
                referrer.set_query(None);
            }