From abf2bac30e6dc7f64da8c0ce833452fccc8ea539 Mon Sep 17 00:00:00 2001
From: hackademix <giorgio@maone.net>
Date: Fri, 9 Jun 2023 15:31:30 +0200
Subject: [PATCH] [TabGuard] Remove Set-Cookie headers from anonymized requests
 to prevent unreversible authorization loss.

---
 src/bg/RequestGuard.js |  2 +-
 src/bg/TabGuard.js     | 16 ++++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/src/bg/RequestGuard.js b/src/bg/RequestGuard.js
index 1ccab69..d2054ea 100644
--- a/src/bg/RequestGuard.js
+++ b/src/bg/RequestGuard.js
@@ -633,7 +633,6 @@ var RequestGuard = (() => {
       normalizeRequest(request);
       let result = ALLOW;
       let promises = [];
-      let headersModified = false;
 
       pending.headersProcessed = true;
       let {url, documentUrl, tabId, responseHeaders, type} = request;
@@ -658,6 +657,7 @@ var RequestGuard = (() => {
             capabilities && !capabilities.has("script"));
         }
         let header = csp.patchHeaders(responseHeaders, capabilities);
+        let headersModified = TabGuard.onReceive(request);
         /*
         // Uncomment me to disable networking-level CSP for debugging purposes
         header = null;
diff --git a/src/bg/TabGuard.js b/src/bg/TabGuard.js
index fa42a17..ae989f8 100644
--- a/src/bg/TabGuard.js
+++ b/src/bg/TabGuard.js
@@ -55,6 +55,7 @@ var TabGuard = (() => {
 
   return {
     forget,
+    // must be called from a webRequest.onBeforeSendHeaders blocking listener
     onSend(request) {
       const mode = ns.sync.TabGuardMode;
       if (mode === "off" || !request.incognito && mode!== "global") return;
@@ -200,6 +201,21 @@ var TabGuard = (() => {
         return mustFilter ? filterAuth() : null;
       })();
     },
+    // must be called from a webRequest.onHeadersReceived blocking listener
+    onReceive(request) {
+      if (!anonymizedRequests.has(request.id)) return false;
+      let headersModified = false;
+      let {responseHeaders} = request;
+      for (let j = responseHeaders.length; j-- > 0;) {
+        let h = responseHeaders[j];
+        if (h.name.toLowerCase() === "set-cookie") {
+          responseHeaders.splice(j, 1);
+          headersModified = true;
+        }
+      }
+      return headersModified;
+    },
+    // must be called after response headers have been processed or the load has been otherwise terminated
     onCleanup(request) {
       let {requestId, tabId} = request;
       if (scheduledCuts.has(requestId)) {