2002/css-validator/org/w3c/css/util HTTPURL.java,1.25,1.26

Update of /sources/public/2002/css-validator/org/w3c/css/util
In directory hutz:/tmp/cvs-serv18515/org/w3c/css/util

Modified Files:
	HTTPURL.java 
Log Message:
https fix (thanks again to Ville)

Index: HTTPURL.java
===================================================================
RCS file: /sources/public/2002/css-validator/org/w3c/css/util/HTTPURL.java,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -d -r1.25 -r1.26
--- HTTPURL.java	3 Nov 2011 16:00:39 -0000	1.25
+++ HTTPURL.java	4 Nov 2011 21:07:54 -0000	1.26
@@ -226,6 +226,7 @@
         urlC.setRequestProperty("User-Agent",
                 "Jigsaw/2.2.5 W3C_CSS_Validator_JFouffa/2.0");
         // referrer
+        setReferrer(urlC, ref);
         if (ref != null) {
             urlC.setRequestProperty("Referer", ref.toExternalForm());
         }
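Review bot: The unchanged `if (ref != null) { urlC.setRequestProperty("Referer", ref.toExternalForm()); }` block directly after the new `setReferrer(urlC, ref);` call still sets the header for every non-null `ref`. As the hunk stands, this overrides whatever `setReferrer` decided, so an https referrer is still disclosed on a plain-http request or to a different host. Those three context lines should be deleted so that `setReferrer(urlC, ref);` is the only place the header is written. The enclosing method starts and ends outside this hunk, so this assumes nothing later in it sets `Referer` again.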
@@ -364,6 +365,30 @@
         return charset;
     }
 
+    // used to set referrer
+    private static void setReferrer(URLConnection connection, URL referrer) {
+        if (referrer == null) {
+            return;
+        }
+        URL current = connection.getURL();
+        String curProtocol = current.getProtocol();
+        String refProtocol = referrer.getProtocol();
+        if ("https".equalsIgnoreCase(refProtocol)) {
+            if (!"https".equalsIgnoreCase(curProtocol)) {
+                // exit, we won't disclose information on non-https
+                // connections  (ref using https, req using http)
+                return;
+            }
+            // ok so we have https for both, avoid leaking information
+            // so check that hosts are the same
+            if (!current.getHost().equalsIgnoreCase(referrer.getHost())) {
+                return;
+            }
+        }
+        // ok good, let's do it
+        connection.setRequestProperty("Referer", referrer.toExternalForm());
+    }
+
     /**
      *
      */
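Review bot: `referrer.toExternalForm()` on the last line of `setReferrer` sends the full referrer URL, which for `java.net.URL` includes any user-info (`user:password@`) and the fragment, so credentials embedded in a referring URL reach the target server even when the https checks pass. Consider building the header value from `getProtocol()`, `getHost()`, `getPort()` and `getFile()` only, which drops both parts. The same-host test also compares `getHost()` alone, so two https services on different ports of one host count as the same site; comparing the port as well (falling back to `getDefaultPort()` when `getPort()` returns -1) would be stricter. The `// used to set referrer` comment could become a short Javadoc stating the two cases in which the header is deliberately not sent.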

Received on Friday, 4 November 2011 21:10:01 UTC