- From: Yves Lafon via cvs-syncmail <cvsmail@w3.org>
- Date: Fri, 04 Nov 2011 21:07:56 +0000
- To: www-validator-cvs@w3.org
Update of /sources/public/2002/css-validator/org/w3c/css/util
In directory hutz:/tmp/cvs-serv18515/org/w3c/css/util
Modified Files:
HTTPURL.java
Log Message:
https fix (thanks again to Ville)
Index: HTTPURL.java
===================================================================
RCS file: /sources/public/2002/css-validator/org/w3c/css/util/HTTPURL.java,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -d -r1.25 -r1.26
--- HTTPURL.java 3 Nov 2011 16:00:39 -0000 1.25
+++ HTTPURL.java 4 Nov 2011 21:07:54 -0000 1.26
@@ -226,6 +226,7 @@
urlC.setRequestProperty("User-Agent",
"Jigsaw/2.2.5 W3C_CSS_Validator_JFouffa/2.0");
// referrer
+ setReferrer(urlC, ref);
if (ref != null) {
urlC.setRequestProperty("Referer", ref.toExternalForm());
}
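Review bot: The old `if (ref != null) { urlC.setRequestProperty("Referer", ref.toExternalForm()); }` block is still present as context right after the new `setReferrer(urlC, ref);` call, so it runs afterwards and writes the header in every case. That includes the https-to-http and cross-host cases that `setReferrer` deliberately skips, so as shown the new policy has no effect. Delete the old three-line block so that `setReferrer(urlC, ref);` is the only place the header is set. The enclosing method starts and ends outside the hunk, so this rests on the visible lines only.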
@@ -364,6 +365,30 @@
return charset;
}
+ // used to set referrer
+ private static void setReferrer(URLConnection connection, URL referrer) {
+ if (referrer == null) {
+ return;
+ }
+ URL current = connection.getURL();
+ String curProtocol = current.getProtocol();
+ String refProtocol = referrer.getProtocol();
+ if ("https".equalsIgnoreCase(refProtocol)) {
+ if (!"https".equalsIgnoreCase(curProtocol)) {
+ // exit, we won't disclose information on non-https
+ // connections (ref using https, req using http)
+ return;
+ }
+ // ok so we have https for both, avoid leaking information
+ // so check that hosts are the same
+ if (!current.getHost().equalsIgnoreCase(referrer.getHost())) {
+ return;
+ }
+ }
+ // ok good, let's do it
+ connection.setRequestProperty("Referer", referrer.toExternalForm());
+ }
+
/**
*
*/
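Review bot: `referrer.toExternalForm()` on the last line of `setReferrer` sends the whole URL, including any `user:password@` userinfo and `#fragment`; HTTP says neither belongs in a Referer value, and the userinfo can disclose credentials to the target server. Build the value from its parts instead, for example from `referrer.getProtocol()`, `getHost()`, `getPort()` and `getFile()`, which leaves both out. Separately, the same-host test compares `getHost()` only, so an https referrer on a different port of the same host still passes; also comparing `getPort()`, falling back to `getDefaultPort()`, would make it a same-origin check. The `// used to set referrer` comment could also state the policy: no header from https to non-https, and none across hosts when both are https.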
Received on Friday, 4 November 2011 21:10:01 UTC