From d58baf8ea4cdefc31bd18ac0dd6eab5f86ec854f Mon Sep 17 00:00:00 2001
From: John Mark Bell
Date: Fri, 19 Jun 2009 11:15:06 +0000
Subject: Permit referer to propagate to https hosts from http

svn path=/trunk/netsurf/; revision=7875
---
 content/fetch.c | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

(limited to 'content/fetch.c')

diff --git a/content/fetch.c b/content/fetch.c
index 3d68a27eb..31c1fd3cd 100644
--- a/content/fetch.c
+++ b/content/fetch.c
@@ -280,9 +280,23 @@ struct fetch * fetch_start(const char *url, const char *referer,
 if (fetch->referer == NULL)
 goto failed;

- if (option_send_referer && ref_scheme != NULL &&
- strcasecmp(scheme, ref_scheme) == 0)
- fetch->send_referer = true;
+ /* Determine whether to send the Referer header */
+ if (option_send_referer && ref_scheme != NULL) {
+ /* User permits us to send the header
+ * Only send it if:
+ * 1) The fetch and referer schemes match
+ * or 2) The fetch is https and the referer is http
+ *
+ * This ensures that referer information is only sent
+ * across schemes in the special case of an https
+ * request from a page served over http. The inverse
+ * (https -> http) should not send the referer (15.1.3)
+ */
+ if (strcasecmp(scheme, ref_scheme) == 0 ||
+ (strcasecmp(scheme, "https") == 0 &&
+ strcasecmp(ref_scheme, "http") == 0))
+ fetch->send_referer = true;
+ }
 }

 if (fetch->url == NULL ||
-- 
cgit v1.2.3
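Review bot: The new block comment cites "(15.1.3)" without naming the document, so a later reader cannot tell which rule the https -> http exclusion implements. It reads as RFC 2616 section 15.1.3, so the last line could say `* (https -> http) should not send the referer (RFC 2616, 15.1.3)`. The comment should also record that the first arm, `strcasecmp(scheme, ref_scheme) == 0`, accepts any pair of equal schemes rather than only http and https. On the http -> https path the referring URL stored in `fetch->referer` is disclosed to the https host, presumably in full. `ref_scheme` is NULL-checked here but `scheme` reaches strcasecmp with no check visible in these lines; both are set outside the hunk, as are the start and end of fetch_start, so that needs confirming against the full function.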