[TabGuard] Decouple tab ties cutting from one-shot authorized loads cases for same-site navigation.
This commit is contained in:
parent
417d592363
commit
df3c164304
|
@ -89,33 +89,40 @@ var TabGuard = (() => {
|
||||||
anonymizedTabs.delete(tabId);
|
anonymizedTabs.delete(tabId);
|
||||||
let headers = flattenHeaders(requestHeaders);
|
let headers = flattenHeaders(requestHeaders);
|
||||||
let shouldCut = false;
|
let shouldCut = false;
|
||||||
|
let safeAuth = false;
|
||||||
if (headers["sec-fetch-user"] === "?1") {
|
if (headers["sec-fetch-user"] === "?1") {
|
||||||
// user-activated navigation
|
// user-activated navigation
|
||||||
switch(headers["sec-fetch-site"]) {
|
switch(headers["sec-fetch-site"]) {
|
||||||
case "same-site":
|
case "same-site":
|
||||||
case "same-origin":
|
case "same-origin":
|
||||||
// cut only if same site & same tab
|
// Same site manual navigation:
|
||||||
|
// cut only if same tab (prevents automatic redirections to victim sites in new tabs)
|
||||||
shouldCut = tab && originUrl === tab.url && ![...TabTies.get(tabId)]
|
shouldCut = tab && originUrl === tab.url && ![...TabTies.get(tabId)]
|
||||||
.filter(tid => tid !== tabId).map(TabCache.get)
|
.filter(tid => tid !== tabId).map(TabCache.get)
|
||||||
.some(t => t && t.url === originUrl);
|
.some(t => t && t.url === originUrl);
|
||||||
|
// either way we can send authorization data
|
||||||
|
safeAuth = true;
|
||||||
break;
|
break;
|
||||||
case "none":
|
case "none":
|
||||||
// nav bar or bookmark
|
// nav bar or bookmark
|
||||||
shouldCut = true;
|
safeAuth = shouldCut = true;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
// manual reload?
|
// cut only on manual reloads
|
||||||
shouldCut = tab && tab.url === request.url && tab.active;
|
safeAuth = shouldCut = tab && tab.url === request.url && tab.active;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (shouldCut) {
|
if (shouldCut) {
|
||||||
debug("[TabGuard] User-typed, bookmark or user-activated same-site-same-tab navigation: scheduling tab ties cut.", tabId, request);
|
debug("[TabGuard] User-typed, bookmark or user-activated same-site-same-tab navigation: scheduling tab ties cut and loading with auth.", tabId, request);
|
||||||
scheduledCuts.add(request.requestId);
|
scheduledCuts.add(request.requestId);
|
||||||
return;
|
|
||||||
} else {
|
} else {
|
||||||
debug("[TabGuard] Automatic or cross-site navigation, keeping tab ties.", tabId, request);
|
debug("[TabGuard] Automatic or cross-site navigation, keeping tab ties.", tabId, request);
|
||||||
scheduledCuts.delete(request.requestId);
|
scheduledCuts.delete(request.requestId);
|
||||||
}
|
}
|
||||||
|
if (safeAuth) {
|
||||||
|
debug("[TabGuard] User-activated same-site navigation, loading with auth.", tabId, request);
|
||||||
|
return;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
let targetDomain = getDomain(url);
|
let targetDomain = getDomain(url);
|
||||||
|
|
Loading…
Reference in New Issue