From 076cd89977b3529fda2758e2b1d8d8fb5daf2006 Mon Sep 17 00:00:00 2001 From: yan Date: Thu, 31 Aug 2017 19:03:55 +0000 Subject: [PATCH] Spoof referer header on cross-origin navigations Previously we were only spoofing it on cross-origin subresource requests, not navigations. Fix #10721 Test Plan: go to https://community.brave.com/t/tracking-not-blocked/6787 and click on the two links in the post the sites should report the referer as the origin of the site itself, not community.brave.com now turn off shields on one of the sites repeat steps 1 and 2. the site should now report the referer as community.brave.com Auditors: @bbondy --- app/filtering.js | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/app/filtering.js b/app/filtering.js index 64e5de0931d..077430a3afd 100644 --- a/app/filtering.js +++ b/app/filtering.js @@ -287,6 +287,7 @@ function registerForBeforeSendHeaders (session, partition) { if (cookieSetting) { const parsedTargetUrl = urlParse(details.url || '') const parsedFirstPartyUrl = urlParse(firstPartyUrl) + const targetOrigin = details.url if (cookieSetting === 'blockAllCookies' || isThirdPartyHost(parsedFirstPartyUrl.hostname, parsedTargetUrl.hostname)) { @@ -295,11 +296,15 @@ function registerForBeforeSendHeaders (session, partition) { getOrigin(firstPartyUrl) !== pdfjsOrigin) { requestHeaders['Cookie'] = undefined } - if (cookieSetting !== 'blockAllCookies' && - requestHeaders['Referer'] && - !refererExceptions.includes(parsedTargetUrl.hostname)) { - requestHeaders['Referer'] = getOrigin(details.url) - } + } + const referer = requestHeaders['Referer'] + if (referer && + cookieSetting !== 'allowAllCookies' && + !refererExceptions.includes(parsedTargetUrl.hostname) && + targetOrigin !== getOrigin(referer)) { + // Unless the setting is 'allow all cookies', spoof the referer if it + // is a cross-origin referer + requestHeaders['Referer'] = targetOrigin } } if (sendDNT) {
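Review bot: `const targetOrigin = details.url` in the first hunk stores the full request URL rather than its origin, so in the second hunk `targetOrigin !== getOrigin(referer)` compares a URL with an origin and will be true for practically every request, same-origin ones included. The Referer is then overwritten with the full target URL, where the removed code wrote `getOrigin(details.url)`. I would change the declaration to `const targetOrigin = getOrigin(details.url)` so the rewrite fires only on cross-origin referers and the header carries an origin, as the new comment and the commit message describe. A test asserting that a same-origin request keeps its Referer untouched would catch this; the test plan covers only cross-origin links. registerForBeforeSendHeaders begins and ends outside both hunks, so this assumes getOrigin returns the same origin format for both values.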