From: Fabian Keil <fk@fabiankeil.de>
Date: Sun, 9 Jun 2024 12:50:34 +0000 (+0200)
Subject: is_untrusted_url(): Search the encrypted headers for the Referer
X-Git-Url: http://www.privoxy.org/gitweb/-%22http:/sourceforge.net/static/show-status?a=commitdiff_plain;h=d01b378bd66411aab21d9c51cf670ba6e71b7817;p=privoxy.git

is_untrusted_url(): Search the encrypted headers for the Referer

... when the client is using https and https inspection is enabled.

Fixes the trust mechanism for https requests.

Reported by Laurent Caumont in #1767.
---

diff --git a/filters.c b/filters.c
index 5bb5666d..7b834948 100644
--- a/filters.c
+++ b/filters.c
@@ -1417,12 +1417,24 @@ int is_untrusted_url(const struct client_state *csp)
       }
    }
 
-   if (NULL == (referer = get_header_value(csp->headers, "Referer:")))
+#ifdef FEATURE_HTTPS_INSPECTION
+   if (client_use_ssl(csp))
    {
-      /* no referrer was supplied */
-      return 1;
+      if (NULL == (referer = get_header_value(csp->https_headers, "Referer:")))
+      {
+         /* no referrer was supplied */
+         return 1;
+      }
+   }
+   else
+#endif
+   {
+      if (NULL == (referer = get_header_value(csp->headers, "Referer:")))
+      {
+         /* no referrer was supplied */
+         return 1;
+      }
    }
-
 
    /*
     * If not, do we maybe trust its referrer?