Merge pull request #14465 from Slava/fix-14358

Add Facebook CDN to the referrer exceptions list
brave · Jun 20, 2018 · 1b3fa64 · 1b3fa64
1 parent e8975bb
commit 1b3fa64
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 5 deletions.
diff --git a/app/filtering.js b/app/filtering.js
@@ -33,7 +33,7 @@ const {fullscreenOption} = require('./common/constants/settingsEnums')
 const isThirdPartyHost = require('./browser/isThirdPartyHost')
 const extensionState = require('./common/state/extensionState')
 const ledgerUtil = require('./common/lib/ledgerUtil')
-const {cookieExceptions, refererExceptions} = require('../js/data/siteHacks')
+const {cookieExceptions, isRefererException} = require('../js/data/siteHacks')
 const {getBraverySettingsCache, updateBraverySettingsCache} = require('./common/cache/braverySettingsCache')
 
 let appStore = null
@@ -293,7 +293,7 @@ module.exports.applyCookieSetting = (requestHeaders, url, firstPartyUrl, isPriva
 
     if (referer &&
         cookieSetting !== 'allowAllCookies' &&
-        !refererExceptions.includes(targetHostname) &&
+        !isRefererException(targetHostname) &&
         isThirdPartyHost(targetHostname, urlParse(referer).hostname)) {
       // Spoof third party referer
       requestHeaders['Referer'] = targetOrigin

diff --git a/js/data/siteHacks.js b/js/data/siteHacks.js
@@ -32,7 +32,11 @@ module.exports.cookieExceptions = {
 }
 
 // Third party domains that require a valid referer to work
-module.exports.refererExceptions = ['use.typekit.net', 'cloud.typography.com', 'www.moremorewin.net']
+const refererExceptions = ['use.typekit.net', 'cloud.typography.com', 'www.moremorewin.net']
+const refererExceptionsRegex = [/.*\.fbcdn\.net$/]
+module.exports.isRefererException = (hostname) =>
+  refererExceptions.includes(hostname) || refererExceptionsRegex.some(regex => regex.test(hostname))
+module.exports.getTestRefererException = () => refererExceptions[0]
 
 /**
  * Holds an array of [Primary URL, subresource URL] to allow 3rd party localstorage.

diff --git a/test/unit/app/filteringTest.js b/test/unit/app/filteringTest.js
@@ -2,7 +2,7 @@
 const mockery = require('mockery')
 const assert = require('assert')
 const sinon = require('sinon')
-const {cookieExceptions, refererExceptions} = require('../../../js/data/siteHacks')
+const {cookieExceptions, getTestRefererException} = require('../../../js/data/siteHacks')
 
 require('../braveUnit')
 
@@ -197,7 +197,7 @@ describe('filtering unit tests', function () {
 
       describe('when there is a referer exception', function () {
         it('keeps the referer field', function () {
-          const url = 'https://' + refererExceptions[0]
+          const url = 'https://' + getTestRefererException()
           const firstPartyUrl = 'https://slashdot.org/'
           const requestHeaders = {
             Referer: 'https://brave.com'