mirror of
https://github.com/rkd77/elinks.git
synced 2024-12-04 14:46:47 -05:00
Bug 937, http_send_header: Don't send all headers to CONNECT proxy.
Backported from ELinks 0.12.GIT (4e4dddb4cc
).
This commit is contained in:
parent
4270182455
commit
7c0027bf26
@ -577,6 +577,11 @@ http_send_header(struct socket *socket)
|
||||
add_to_string(&header, "TRACE ");
|
||||
} else if (use_connect) {
|
||||
add_to_string(&header, "CONNECT ");
|
||||
/* In CONNECT requests, we send only a subset of the
|
||||
* headers to the proxy. See the "CONNECT:" comments
|
||||
* below. After the CONNECT request succeeds, we
|
||||
* negotiate TLS with the real server and make a new
|
||||
* HTTP request that includes all the headers. */
|
||||
} else if (uri->post) {
|
||||
add_to_string(&header, "POST ");
|
||||
conn->unrestartable = 1;
|
||||
@ -609,10 +614,14 @@ http_send_header(struct socket *socket)
|
||||
add_long_to_string(&header, http->sent_version.minor);
|
||||
add_crlf_to_string(&header);
|
||||
|
||||
/* CONNECT: Sending a Host header seems pointless as the same
|
||||
* information is already in the CONNECT line. It's harmless
|
||||
* though and Mozilla does it too. */
|
||||
add_to_string(&header, "Host: ");
|
||||
add_uri_to_string(&header, uri, URI_HTTP_HOST);
|
||||
add_crlf_to_string(&header);
|
||||
|
||||
/* CONNECT: Proxy-Authorization is intended to be seen by the proxy. */
|
||||
if (talking_to_proxy) {
|
||||
unsigned char *user = get_opt_str("protocol.http.proxy.user");
|
||||
unsigned char *passwd = get_opt_str("protocol.http.proxy.passwd");
|
||||
@ -660,6 +669,9 @@ http_send_header(struct socket *socket)
|
||||
}
|
||||
}
|
||||
|
||||
/* CONNECT: User-Agent does not reveal anything about the
|
||||
* resource we're fetching, and it may help the proxy return
|
||||
* better error messages. */
|
||||
optstr = get_opt_str("protocol.http.user_agent");
|
||||
if (*optstr && strcmp(optstr, " ")) {
|
||||
unsigned char *ustr, ts[64] = "";
|
||||
@ -685,33 +697,47 @@ http_send_header(struct socket *socket)
|
||||
add_crlf_to_string(&header);
|
||||
}
|
||||
|
||||
switch (get_opt_int("protocol.http.referer.policy")) {
|
||||
case REFERER_NONE:
|
||||
/* oh well */
|
||||
break;
|
||||
/* CONNECT: Referer probably is a secret page in the HTTPS
|
||||
* server, so don't reveal it to the proxy. */
|
||||
if (!use_connect) {
|
||||
switch (get_opt_int("protocol.http.referer.policy")) {
|
||||
case REFERER_NONE:
|
||||
/* oh well */
|
||||
break;
|
||||
|
||||
case REFERER_FAKE:
|
||||
optstr = get_opt_str("protocol.http.referer.fake");
|
||||
if (!optstr[0]) break;
|
||||
add_to_string(&header, "Referer: ");
|
||||
add_to_string(&header, optstr);
|
||||
add_crlf_to_string(&header);
|
||||
break;
|
||||
case REFERER_FAKE:
|
||||
optstr = get_opt_str("protocol.http.referer.fake");
|
||||
if (!optstr[0]) break;
|
||||
add_to_string(&header, "Referer: ");
|
||||
add_to_string(&header, optstr);
|
||||
add_crlf_to_string(&header);
|
||||
break;
|
||||
|
||||
case REFERER_TRUE:
|
||||
if (!conn->referrer) break;
|
||||
add_to_string(&header, "Referer: ");
|
||||
add_url_to_http_string(&header, conn->referrer, URI_HTTP_REFERRER);
|
||||
add_crlf_to_string(&header);
|
||||
break;
|
||||
case REFERER_TRUE:
|
||||
if (!conn->referrer) break;
|
||||
add_to_string(&header, "Referer: ");
|
||||
add_url_to_http_string(&header, conn->referrer, URI_HTTP_REFERRER);
|
||||
add_crlf_to_string(&header);
|
||||
break;
|
||||
|
||||
case REFERER_SAME_URL:
|
||||
add_to_string(&header, "Referer: ");
|
||||
add_url_to_http_string(&header, uri, URI_HTTP_REFERRER);
|
||||
add_crlf_to_string(&header);
|
||||
break;
|
||||
case REFERER_SAME_URL:
|
||||
add_to_string(&header, "Referer: ");
|
||||
add_url_to_http_string(&header, uri, URI_HTTP_REFERRER);
|
||||
add_crlf_to_string(&header);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
/* CONNECT: Do send all Accept* headers to the CONNECT proxy,
|
||||
* because they do not reveal anything about the resource
|
||||
* we're going to request via TLS, and they may affect the
|
||||
* error message if the CONNECT request fails.
|
||||
*
|
||||
* If ELinks is ever changed to vary its Accept headers based
|
||||
* on what it intends to do with the returned resource, e.g.
|
||||
* sending "Accept: text/css" when it wants an external
|
||||
* stylesheet, then it should do that only in the inner GET
|
||||
* and not in the outer CONNECT. */
|
||||
add_to_string(&header, "Accept: */*");
|
||||
add_crlf_to_string(&header);
|
||||
|
||||
@ -766,6 +792,11 @@ http_send_header(struct socket *socket)
|
||||
}
|
||||
#endif
|
||||
|
||||
/* CONNECT: Proxy-Connection is intended to be seen by the
|
||||
* proxy. If the CONNECT request succeeds, then the proxy
|
||||
* will forward the remainder of the TCP connection to the
|
||||
* origin server, and Proxy-Connection does not matter; but
|
||||
* if the request fails, then Proxy-Connection may matter. */
|
||||
/* FIXME: What about post-HTTP/1.1?? --Zas */
|
||||
if (HTTP_1_1(http->sent_version)) {
|
||||
if (!IS_PROXY_URI(conn->uri)) {
|
||||
@ -782,7 +813,9 @@ http_send_header(struct socket *socket)
|
||||
add_crlf_to_string(&header);
|
||||
}
|
||||
|
||||
if (conn->cached) {
|
||||
/* CONNECT: Do not tell the proxy anything we have cached
|
||||
* about the resource. */
|
||||
if (!use_connect && conn->cached) {
|
||||
if (!conn->cached->incomplete && conn->cached->head && conn->cached->last_modified
|
||||
&& conn->cache_mode <= CACHE_MODE_CHECK_IF_MODIFIED) {
|
||||
add_to_string(&header, "If-Modified-Since: ");
|
||||
@ -791,6 +824,8 @@ http_send_header(struct socket *socket)
|
||||
}
|
||||
}
|
||||
|
||||
/* CONNECT: Let's send cache control headers to the proxy too;
|
||||
* they may affect DNS caching. */
|
||||
if (conn->cache_mode >= CACHE_MODE_FORCE_RELOAD) {
|
||||
add_to_string(&header, "Pragma: no-cache");
|
||||
add_crlf_to_string(&header);
|
||||
@ -798,7 +833,9 @@ http_send_header(struct socket *socket)
|
||||
add_crlf_to_string(&header);
|
||||
}
|
||||
|
||||
if (conn->from || conn->progress->start > 0) {
|
||||
/* CONNECT: Do not reveal byte ranges to the proxy. It can't
|
||||
* do anything good with that information anyway. */
|
||||
if (!use_connect && (conn->from || conn->progress->start > 0)) {
|
||||
/* conn->from takes precedence. conn->progress.start is set only the first
|
||||
* time, then conn->from gets updated and in case of any retries
|
||||
* etc we have everything interesting in conn->from already. */
|
||||
@ -808,7 +845,10 @@ http_send_header(struct socket *socket)
|
||||
add_crlf_to_string(&header);
|
||||
}
|
||||
|
||||
entry = find_auth(uri);
|
||||
/* CONNECT: The Authorization header is for the origin server only. */
|
||||
if (!use_connect) {
|
||||
entry = find_auth(uri);
|
||||
}
|
||||
if (entry) {
|
||||
if (entry->digest) {
|
||||
unsigned char *response;
|
||||
@ -848,7 +888,8 @@ http_send_header(struct socket *socket)
|
||||
}
|
||||
}
|
||||
|
||||
if (uri->post) {
|
||||
/* CONNECT: Any POST data is for the origin server only. */
|
||||
if (!use_connect && uri->post) {
|
||||
/* We search for first '\n' in uri->post to get content type
|
||||
* as set by get_form_uri(). This '\n' is dropped if any
|
||||
* and replaced by correct '\r\n' termination here. */
|
||||
@ -867,7 +908,8 @@ http_send_header(struct socket *socket)
|
||||
}
|
||||
|
||||
#ifdef CONFIG_COOKIES
|
||||
{
|
||||
/* CONNECT: Cookies are for the origin server only. */
|
||||
if (!use_connect) {
|
||||
struct string *cookies = send_cookies(uri);
|
||||
|
||||
if (cookies) {
|
||||
@ -881,12 +923,17 @@ http_send_header(struct socket *socket)
|
||||
|
||||
add_crlf_to_string(&header);
|
||||
|
||||
/* CONNECT: Any POST data is for the origin server only.
|
||||
* This was already checked above and post_data is NULL
|
||||
* in that case. Verified with an assertion below. */
|
||||
if (post_data) {
|
||||
#define POST_BUFFER_SIZE 4096
|
||||
unsigned char *post = post_data;
|
||||
unsigned char buffer[POST_BUFFER_SIZE];
|
||||
int n = 0;
|
||||
|
||||
assert(!use_connect); /* see comment above */
|
||||
|
||||
while (post[0] && post[1]) {
|
||||
int h1, h2;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user