Limit referer header value length to 4096

This commit is contained in:
teapotd 2019-10-23 21:16:02 +02:00
parent 4cdfe23cc8
commit c54df2b965
170 changed files with 49 additions and 674 deletions

View file

@ -27,11 +27,12 @@ use hyper::{Request as HyperRequest, Response as HyperResponse};
use msg::constellation_msg::TEST_PIPELINE_ID;
use net::cookie::Cookie;
use net::cookie_storage::CookieStorage;
use net::http_loader::determine_request_referrer;
use net::resource_thread::AuthCacheEntry;
use net::test::replace_host_table;
use net_traits::request::{CredentialsMode, Destination, RequestBuilder, RequestMode};
use net_traits::response::ResponseBody;
use net_traits::{CookieSource, NetworkError};
use net_traits::{CookieSource, NetworkError, ReferrerPolicy};
use servo_url::{ImmutableOrigin, ServoUrl};
use std::collections::HashMap;
use std::io::Write;
@ -1421,3 +1422,47 @@ fn test_origin_set() {
let _ = server.close();
}
#[test]
fn test_determine_request_referrer_shorter_than_4k() {
let mut headers = HeaderMap::new();
let referrer_source =
ServoUrl::parse("http://username:password@example.com/such/short/referer?query#fragment")
.unwrap();
let current_url = ServoUrl::parse("http://example.com/current/url").unwrap();
let referer = determine_request_referrer(
&mut headers,
ReferrerPolicy::UnsafeUrl,
referrer_source,
current_url,
);
assert_eq!(
referer.unwrap().as_str(),
"http://example.com/such/short/referer?query"
);
}
#[test]
fn test_determine_request_referrer_longer_than_4k() {
let long_url_str = format!(
"http://username:password@example.com/such/{}/referer?query#fragment",
"long".repeat(1024)
);
let mut headers = HeaderMap::new();
let referrer_source = ServoUrl::parse(&long_url_str).unwrap();
let current_url = ServoUrl::parse("http://example.com/current/url").unwrap();
let referer = determine_request_referrer(
&mut headers,
ReferrerPolicy::UnsafeUrl,
referrer_source,
current_url,
);
assert_eq!(referer.unwrap().as_str(), "http://example.com/");
}