
Unified Diff: src/plugin/PluginWbPassThrough.cpp

Issue 5634261554036736: Issue 1562 - Improve detecting of XmlHttmlRequest requests (Closed)
Patch Set: add CORS Created Nov. 13, 2014, 10:42 a.m.
Index: src/plugin/PluginWbPassThrough.cpp
===================================================================
--- a/src/plugin/PluginWbPassThrough.cpp
+++ b/src/plugin/PluginWbPassThrough.cpp
@@ -20,21 +20,21 @@
"</body>"
"</html>";
- template <class T>
- T ExtractHttpHeader(const T& allHeaders, const T& targetHeaderNameWithColon, const T& delimiter)
- {
- auto targetHeaderBeginsAt = allHeaders.find(targetHeaderNameWithColon);
- if (targetHeaderBeginsAt == T::npos)
- {
- return T();
- }
- targetHeaderBeginsAt += targetHeaderNameWithColon.length();
- auto targetHeaderEndsAt = allHeaders.find(delimiter, targetHeaderBeginsAt);
- if (targetHeaderEndsAt == T::npos)
- {
- return T();
- }
- return allHeaders.substr(targetHeaderBeginsAt, targetHeaderEndsAt - targetHeaderBeginsAt);
+ template <class T>
+ T ExtractHttpHeader(const T& allHeaders, const T& targetHeaderNameWithColon, const T& delimiter)
+ {
+ auto targetHeaderBeginsAt = allHeaders.find(targetHeaderNameWithColon);
+ if (targetHeaderBeginsAt == T::npos)
+ {
+ return T();
+ }
+ targetHeaderBeginsAt += targetHeaderNameWithColon.length();
+ auto targetHeaderEndsAt = allHeaders.find(delimiter, targetHeaderBeginsAt);
+ if (targetHeaderEndsAt == T::npos)
+ {
+ return T();
+ }
+ return allHeaders.substr(targetHeaderBeginsAt, targetHeaderEndsAt - targetHeaderBeginsAt);
}
std::string ExtractHttpAcceptHeader(IInternetProtocol* internetProtocol)
@@ -63,6 +63,18 @@
}
return ExtractHttpHeader<std::string>(buf, "Accept:", "\r\n");
}
+
+ bool IsXmlHttpRequest(const std::wstring& additionalHeaders)
+ {
+ auto requestedWithHeader = ExtractHttpHeader<std::wstring>(additionalHeaders, L"X-Requested-With:", L"\n");
+ if(TrimString(requestedWithHeader) == L"XMLHttpRequest")
+ {
+ return true;
+ }
+ // CORS
+ auto originHeader = ExtractHttpHeader<std::wstring>(additionalHeaders, L"Origin:", L"\n");
+ return !TrimString(originHeader).empty();
+ }
}
WBPassthruSink::WBPassthruSink()
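Review bot: `IsXmlHttpRequest` looks up both headers through `ExtractHttpHeader`, which does a case-sensitive `find` anywhere in the header block, so `L"Origin:"` also matches when that text is the tail of a longer header name or appears inside a header value, while a differently cased `origin:` or `x-requested-with:` is missed even though header names are case-insensitive. A header that is the last line without a trailing `\n` is also returned as empty. Since the result selects the content type passed to `ShouldBlock`, a wrong match changes which filters are applied to the request. A line-anchored, case-insensitive lookup such as the helper below would avoid both problems; `IsXmlHttpRequest` would then call it for both headers and keep the existing `TrimString` calls.

```cpp
// Returns the value of headerNameWithColon only when the name starts a header line;
// the name is compared case-insensitively. A final line without '\n' is still accepted.
std::wstring ExtractHttpHeaderLine(const std::wstring& allHeaders, const std::wstring& headerNameWithColon)
{
  const size_t nameLength = headerNameWithColon.length();
  size_t lineStart = 0;
  while (lineStart < allHeaders.length())
  {
    size_t lineEnd = allHeaders.find(L'\n', lineStart);
    if (lineEnd == std::wstring::npos)
    {
      lineEnd = allHeaders.length();
    }
    if (lineEnd - lineStart >= nameLength &&
        _wcsnicmp(allHeaders.c_str() + lineStart, headerNameWithColon.c_str(), nameLength) == 0)
    {
      return allHeaders.substr(lineStart + nameLength, lineEnd - lineStart - nameLength);
    }
    lineStart = lineEnd + 1;
  }
  return std::wstring();
}
// … unchanged: IsXmlHttpRequest compares the trimmed values as before …
```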
@@ -289,34 +301,39 @@
// There doesn't seem to be any other way to get this header before the request has been made.
HRESULT nativeHr = httpNegotiate ? httpNegotiate->BeginningTransaction(szURL, szHeaders, dwReserved, pszAdditionalHeaders) : S_OK;
- if (pszAdditionalHeaders && *pszAdditionalHeaders)
- {
- m_boundDomain = ExtractHttpHeader<std::wstring>(*pszAdditionalHeaders, L"Referer:", L"\n");
- }
+ if (pszAdditionalHeaders && *pszAdditionalHeaders)
+ {
+ m_boundDomain = ExtractHttpHeader<std::wstring>(*pszAdditionalHeaders, L"Referer:", L"\n");
+ }
m_boundDomain = TrimString(m_boundDomain);
CPluginTab* tab = CPluginClass::GetTab(::GetCurrentThreadId());
CPluginClient* client = CPluginClient::GetInstance();
- if (tab && client)
- {
- CString documentUrl = tab->GetDocumentUrl();
- // Page is identical to document => don't block
- if (documentUrl == ToCString(src))
- {
- return nativeHr;
- }
- else if (CPluginSettings::GetInstance()->IsPluginEnabled() && !client->IsWhitelistedUrl(std::wstring(documentUrl)))
- {
- if (tab->IsFrameCached(ToCString(src)))
- {
- m_contentType = CFilter::contentTypeSubdocument;
- }
- }
+ if (tab && client)
+ {
+ CString documentUrl = tab->GetDocumentUrl();
+ // Page is identical to document => don't block
+ if (documentUrl == ToCString(src))
+ {
+ return nativeHr;
+ }
+ else if (CPluginSettings::GetInstance()->IsPluginEnabled() && !client->IsWhitelistedUrl(std::wstring(documentUrl)))
+ {
+ if (tab->IsFrameCached(ToCString(src)))
+ {
+ m_contentType = CFilter::contentTypeSubdocument;
+ }
+ }
}
if (IsFlashRequest(pszAdditionalHeaders))
{
- m_contentType = CFilter::EContentType::contentTypeObjectSubrequest;
+ m_contentType = CFilter::EContentType::contentTypeObjectSubrequest;
+ }
+
+ if (pszAdditionalHeaders && IsXmlHttpRequest(*pszAdditionalHeaders))
+ {
+ m_contentType = CFilter::EContentType::contentTypeXmlHttpRequest;
}
m_blockedInTransaction = client->ShouldBlock(szURL, m_contentType, m_boundDomain, /*debug flag but must be set*/true);
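Review bot: The new guard `if (pszAdditionalHeaders && IsXmlHttpRequest(*pszAdditionalHeaders))` binds `*pszAdditionalHeaders` to a `const std::wstring&` without checking that it is non-null, unlike the Referer check earlier in the same hunk, which tests both; constructing a `std::wstring` from a null pointer is undefined behaviour. Use `if (pszAdditionalHeaders && *pszAdditionalHeaders && IsXmlHttpRequest(*pszAdditionalHeaders))`. Because this block runs last, it also overwrites a subdocument or Flash classification set just above whenever an `Origin:` header is present, which appears broader than "is an XMLHttpRequest" and is worth confirming against requests that carry `Origin` for other reasons. The enclosing function starts and ends outside the hunk.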