author | René 'Necoro' Neumann <necoro@necoro.eu> | 2022-01-09 23:53:26 +0100 |
---|---|---|
committer | René 'Necoro' Neumann <necoro@necoro.eu> | 2022-01-11 17:10:16 +0100 |
commit | 313da6b5696088b6b493695000ef790f277ed505 (patch) | |
tree | 4ee08b6eadec7a95dea6a60cec6d3f46b57dd2eb /internal/http | |
parent | c3b84b06ff16aa0ae280538b08ee4912c3d215a8 (diff) | |
Ensure that cookies are sent only to the correct domains.cookies
We want to avoid sending authentication data when fetching images from external sources, for instance.
Diffstat (limited to 'internal/http')
-rw-r--r-- | internal/http/client.go | 42 |
1 files changed, 36 insertions, 6 deletions
diff --git a/internal/http/client.go b/internal/http/client.go
index 4272a5b..b47203d 100644
--- a/internal/http/client.go
+++ b/internal/http/client.go
@@ -5,6 +5,8 @@ import (
 "crypto/tls"
 "fmt"
 "net/http"
+ "net/http/cookiejar"
+ urlpkg "net/url"
 "time"
 )
@@ -23,7 +25,7 @@ type Error struct {
 type Context struct {
 Timeout int
 DisableTLS bool
- Cookies []Cookie
+ Jar CookieJar
 }
 func (err Error) Error() string {
@@ -55,8 +57,35 @@ func client(disableTLS bool) *http.Client {
 var noop ctxt.CancelFunc = func() {}
 type Cookie struct {
- Name string
- Value string
+ Name string
+ Value string
+ Domain string
+}
+
+type CookieJar http.CookieJar
+
+func JarOfCookies(cookies []Cookie, url string) (CookieJar, error) {
+ jar, err := cookiejar.New(nil)
+ if err != nil {
+ return nil, err
+ }
+
+ cs := make([]*http.Cookie, len(cookies))
+ for i, c := range cookies {
+ cs[i] = &http.Cookie{Name: c.Name, Value: c.Value, Domain: c.Domain}
+ }
+
+ u, err := urlpkg.Parse(url)
+ if err != nil {
+ return nil, err
+ }
+
+ // ignore the path of the URL
+ u.Path = ""
+
+ jar.SetCookies(u, cs)
+
+ return jar, nil
 }
 func Get(url string, ctx Context) (resp *http.Response, cancel ctxt.CancelFunc, err error) {
@@ -82,9 +111,10 @@ func Get(url string, ctx Context) (resp *http.Response, cancel ctxt.CancelFunc,
 }
 req.Header.Set("User-Agent", "Feed2Imap-Go/1.0")
- for _, c := range ctx.Cookies {
- cookie := http.Cookie{Name: c.Name, Value: c.Value}
- req.AddCookie(&cookie)
+ if ctx.Jar != nil {
+ for _, c := range ctx.Jar.Cookies(req.URL) {
+ req.AddCookie(c)
+ }
 }
 resp, err = client(ctx.DisableTLS).Do(req) |
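Review bot: The cookies built in `JarOfCookies` are stored without `Secure`, so the jar also returns them for plain `http://` URLs on a matching host, and the authentication data this commit wants to protect can still travel unencrypted. Parsing the URL before the loop and adding `Secure: u.Scheme == "https"` to the `http.Cookie` literal would tie each cookie to the scheme of the feed it was configured for. Separately, `cookiejar.New(nil)` runs without a public suffix list, so a configured `Domain` that is itself a public suffix is accepted as written, while a `Domain` that does not match the feed host is dropped by `SetCookies` without any error. A doc comment such as `// JarOfCookies returns a jar whose cookies are scoped to the host of url; an empty Domain yields a host-only cookie.` would make that contract visible to callers.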
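Review bot: Copying `ctx.Jar.Cookies(req.URL)` onto the request in `Get` scopes only the first hop; the jar is not consulted again if the server answers with a redirect. If the client returned by `client(ctx.DisableTLS)` has no `Jar` of its own (its body is not visible here), net/http forwards the initial `Cookie` header on redirects to the same host or any subdomain of it, which includes a host-only cookie that the jar itself would not return for that subdomain. Handing the jar to the `http.Client` through its `Jar` field would have it evaluated on every hop, at the price of the jar also storing cookies set by responses, so whichever choice is made deserves a comment next to the loop. `Get` starts and ends outside this hunk, so the redirect policy in effect should be confirmed against the full function.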