[TabGuard] Decouple tab ties cutting from one-shot authorized loads cases for same-site navigation.

hackademix 2023-06-15 23:19:11 +02:00
parent 417d592363
commit df3c164304
No known key found for this signature in database
GPG Key ID: 231A83AFDA9C2434
1 changed files with 13 additions and 6 deletions


@ -89,33 +89,40 @@ var TabGuard = (() => {
anonymizedTabs.delete(tabId); anonymizedTabs.delete(tabId);
let headers = flattenHeaders(requestHeaders); let headers = flattenHeaders(requestHeaders);
let shouldCut = false; let shouldCut = false;
let safeAuth = false;
if (headers["sec-fetch-user"] === "?1") { if (headers["sec-fetch-user"] === "?1") {
// user-activated navigation // user-activated navigation
switch(headers["sec-fetch-site"]) { switch(headers["sec-fetch-site"]) {
case "same-site": case "same-site":
case "same-origin": case "same-origin":
// cut only if same site & same tab // Same site manual navigation:
// cut only if same tab (prevents automatic redirections to victim sites in new tabs)
shouldCut = tab && originUrl === tab.url && ![...TabTies.get(tabId)] shouldCut = tab && originUrl === tab.url && ![...TabTies.get(tabId)]
.filter(tid => tid !== tabId).map(TabCache.get) .filter(tid => tid !== tabId).map(TabCache.get)
.some(t => t && t.url === originUrl); .some(t => t && t.url === originUrl);
// either way we can send authorization data
safeAuth = true;
break; break;
case "none": case "none":
// nav bar or bookmark // nav bar or bookmark
shouldCut = true; safeAuth = shouldCut = true;
break; break;
default: default:
// manual reload? // cut only on manual reloads
shouldCut = tab && tab.url === request.url && tab.active; safeAuth = shouldCut = tab && tab.url === request.url && tab.active;
} }
} }
if (shouldCut) { if (shouldCut) {
debug("[TabGuard] User-typed, bookmark or user-activated same-site-same-tab navigation: scheduling tab ties cut.", tabId, request); debug("[TabGuard] User-typed, bookmark or user-activated same-site-same-tab navigation: scheduling tab ties cut and loading with auth.", tabId, request);
scheduledCuts.add(request.requestId); scheduledCuts.add(request.requestId);
return;
} else { } else {
debug("[TabGuard] Automatic or cross-site navigation, keeping tab ties.", tabId, request); debug("[TabGuard] Automatic or cross-site navigation, keeping tab ties.", tabId, request);
scheduledCuts.delete(request.requestId); scheduledCuts.delete(request.requestId);
} }
if (safeAuth) {
debug("[TabGuard] User-activated same-site navigation, loading with auth.", tabId, request);
return;
}
} }
let targetDomain = getDomain(url); let targetDomain = getDomain(url);