enable use of netsurf public suffix library to prevent supercookies
This commit is contained in:
parent
608a18caff
commit
1ef1edc9e0
|
@ -90,7 +90,7 @@ NS_GIT="git://git.netsurf-browser.org"
|
|||
NS_BUILDSYSTEM="buildsystem"
|
||||
|
||||
# internal libraries all frontends require (order is important)
|
||||
NS_INTERNAL_LIBS="libwapcaplet libparserutils libhubbub libdom libcss libnsgif libnsbmp libutf8proc libnsutils"
|
||||
NS_INTERNAL_LIBS="libwapcaplet libparserutils libhubbub libdom libcss libnsgif libnsbmp libutf8proc libnsutils libnspsl"
|
||||
|
||||
# The browser itself
|
||||
NS_BROWSER="netsurf"
|
||||
|
|
2
Makefile
2
Makefile
|
@ -525,6 +525,7 @@ NETSURF_FEATURE_CURL_CFLAGS := -DWITH_CURL
|
|||
NETSURF_FEATURE_NSSVG_CFLAGS := -DWITH_NS_SVG
|
||||
NETSURF_FEATURE_OPENSSL_CFLAGS := -DWITH_OPENSSL
|
||||
NETSURF_FEATURE_ROSPRITE_CFLAGS := -DWITH_NSSPRITE
|
||||
NETSURF_FEATURE_NSPSL_CFLAGS := -DWITH_NSPSL
|
||||
|
||||
$(eval $(call pkg_config_find_and_add_enabled,OPENSSL,openssl,OpenSSL))
|
||||
# freemint does not support pkg-config for libcurl
|
||||
|
@ -540,6 +541,7 @@ $(eval $(call pkg_config_find_and_add_enabled,BMP,libnsbmp,BMP))
|
|||
$(eval $(call pkg_config_find_and_add_enabled,GIF,libnsgif,GIF))
|
||||
$(eval $(call pkg_config_find_and_add_enabled,NSSVG,libsvgtiny,SVG))
|
||||
$(eval $(call pkg_config_find_and_add_enabled,ROSPRITE,librosprite,Sprite))
|
||||
$(eval $(call pkg_config_find_and_add_enabled,NSPSL,libnspsl,PSL))
|
||||
|
||||
# List of directories in which headers are searched for
|
||||
INCLUDE_DIRS :=. include $(OBJROOT)
|
||||
|
|
|
@ -69,6 +69,9 @@ NETSURF_USE_DUKTAPE := YES
|
|||
# Valid options: YES, NO
|
||||
NETSURF_USE_HARU_PDF := NO
|
||||
|
||||
# Enable the use of the Public suffix library to detect supercookies
|
||||
NETSURF_USE_NSPSL := AUTO
|
||||
|
||||
# Enable stripping the NetSurf binary
|
||||
# Valid options: YES, NO
|
||||
NETSURF_STRIP_BINARY := NO
|
||||
|
|
|
@ -94,6 +94,9 @@
|
|||
#include <string.h>
|
||||
#include <strings.h>
|
||||
#include <time.h>
|
||||
#ifdef WITH_NSPSL
|
||||
#include <nspsl.h>
|
||||
#endif
|
||||
|
||||
#include "utils/inet.h"
|
||||
#include "utils/nsoption.h"
|
||||
|
@ -3353,6 +3356,7 @@ bool urldb_set_cookie(const char *header, nsurl *url, nsurl *referer)
|
|||
|
||||
do {
|
||||
struct cookie_internal_data *c;
|
||||
const char *suffix;
|
||||
char *dot;
|
||||
size_t len;
|
||||
|
||||
|
@ -3379,6 +3383,19 @@ bool urldb_set_cookie(const char *header, nsurl *url, nsurl *referer)
|
|||
goto error;
|
||||
}
|
||||
|
||||
#ifdef WITH_NSPSL
|
||||
/* check domain is not a public suffix */
|
||||
dot = c->domain;
|
||||
if (*dot == '.') {
|
||||
dot++;
|
||||
}
|
||||
suffix = nspsl_getpublicsuffix(dot);
|
||||
if (suffix == NULL) {
|
||||
LOG("domain %s was a public suffix domain", dot);
|
||||
urldb_free_cookie(c);
|
||||
goto error;
|
||||
}
|
||||
#else
|
||||
/* 4.3.2:ii Cookie domain must contain embedded dots */
|
||||
dot = strchr(c->domain + 1, '.');
|
||||
if (!dot || *(dot + 1) == '\0') {
|
||||
|
@ -3386,6 +3403,7 @@ bool urldb_set_cookie(const char *header, nsurl *url, nsurl *referer)
|
|||
urldb_free_cookie(c);
|
||||
goto error;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Domain match fetch host with cookie domain */
|
||||
if (strcasecmp(lwc_string_data(host), c->domain) != 0) {
|
||||
|
|
Loading…
Reference in New Issue