Instead of an order form page I get an ecommerce security warning

bug 128213 r=rpotts sr=darin a=asa
2002-03-18 05:20:58 +00:00 · 2002-03-18 05:20:58 +00:00 · 298d74cdb6
--- a/netwerk/protocol/http/src/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/src/nsHttpChannel.cpp
@ -2198,10 +2198,13 @@ nsHttpChannel::SetReferrer(nsIURI *referrer, PRUint32 referrerType)
            mURI->GetAsciiHost(host);
            mURI->SchemeIs("https", &isHTTPS);

-            if (nsCRT::strcasecmp(referrerHost.get(), host.get()) != 0)
-                return NS_OK;
            if (!isHTTPS)
                return NS_OK;
+
+            if ((nsCRT::strcasecmp(referrerHost.get(), host.get()) != 0) &&
+                (!nsHttpHandler::get()->SendSecureXSiteReferrer()))
+                return NS_OK;
+
        }
    }

--- a/netwerk/protocol/http/src/nsHttpHandler.cpp
+++ b/netwerk/protocol/http/src/nsHttpHandler.cpp
@ -119,6 +119,7 @@ nsHttpHandler::nsHttpHandler()
    , mConnectionLock(nsnull)
    , mUserAgentIsDirty(PR_TRUE)
    , mUseCache(PR_TRUE)
+    , mSendSecureXSiteReferrer(PR_FALSE)
 {
    NS_INIT_ISUPPORTS();

@ -1337,6 +1338,12 @@ nsHttpHandler::PrefsChanged(nsIPrefBranch *prefs, const char *pref)
        }
    }

+    if (PREF_CHANGED(HTTP_PREF("sendSecureXSiteReferrer"))) {
+        rv = prefs->GetBoolPref(HTTP_PREF("sendSecureXSiteReferrer"), &cVar);
+        if (NS_SUCCEEDED(rv))
+            mSendSecureXSiteReferrer = cVar;
+    }
+
    /*
    if (bChangedAll || PL_strcmp(pref, "network.http.connect.timeout") == 0)
        prefs->GetIntPref("network.http.connect.timeout", &mConnectTimeout);
--- a/netwerk/protocol/http/src/nsHttpHandler.h
+++ b/netwerk/protocol/http/src/nsHttpHandler.h
@ -86,6 +86,7 @@ public:
    const char   *UserAgent();
    nsHttpVersion DefaultVersion()     { return mHttpVersion; }
    PRUint8       ReferrerLevel()      { return mReferrerLevel; }
+    PRBool        SendSecureXSiteReferrer() { return mSendSecureXSiteReferrer; }
    PRUint8       RedirectionLimit()   { return mRedirectionLimit; }
    PRUint16      IdleTimeout()        { return mIdleTimeout; }
    PRUint16      MaxRequestAttempts() { return mMaxRequestAttempts; }
@ -269,6 +270,9 @@ private:
    PRPackedBool   mUserAgentIsDirty; // true if mUserAgent should be rebuilt

    PRPackedBool   mUseCache;
+    // mSendSecureXSiteReferrer: default is false, 
+    // if true allow referrer headers between secure non-matching hosts
+    PRPackedBool   mSendSecureXSiteReferrer;
 };

 #endif // nsHttpHandler_h__