diff options
| author | René 'Necoro' Neumann <necoro@necoro.eu> | 2022-01-09 23:53:26 +0100 |
|---|---|---|
| committer | René 'Necoro' Neumann <necoro@necoro.eu> | 2022-01-11 17:10:16 +0100 |
| commit | 313da6b5696088b6b493695000ef790f277ed505 (patch) | |
| tree | 4ee08b6eadec7a95dea6a60cec6d3f46b57dd2eb /internal | |
| parent | c3b84b06ff16aa0ae280538b08ee4912c3d215a8 (diff) | |
| download | feed2imap-go-cookies.tar.gz feed2imap-go-cookies.tar.bz2 feed2imap-go-cookies.zip | |
Ensure that cookies are sent only to the correct domains.cookies
We want to avoid that authentication data is sent when fetching images from external sources, for instance.
Diffstat (limited to 'internal')
| -rw-r--r-- | internal/feed/feed.go | 11 | ||||
| -rw-r--r-- | internal/http/client.go | 42 |
2 files changed, 46 insertions, 7 deletions
diff --git a/internal/feed/feed.go b/internal/feed/feed.go index f31de65..f403036 100644 --- a/internal/feed/feed.go +++ b/internal/feed/feed.go @@ -21,6 +21,7 @@ type Feed struct { items []Item Global config.GlobalOptions extID FeedID + jar http.CookieJar } type FeedID interface { @@ -35,10 +36,18 @@ type Descriptor struct { } func (feed *Feed) Context() http.Context { + if feed.Url != "" && len(feed.Cookies) > 0 && feed.jar == nil { + var err error + feed.jar, err = http.JarOfCookies(feed.Cookies, feed.Url) + if err != nil { + log.Errorf("Error while initialising cookies for feed '%s': %w", feed.Name, err) + } + } + return http.Context{ Timeout: feed.Global.Timeout, DisableTLS: feed.NoTLS, - Cookies: feed.Cookies, + Jar: feed.jar, } } diff --git a/internal/http/client.go b/internal/http/client.go index 4272a5b..b47203d 100644 --- a/internal/http/client.go +++ b/internal/http/client.go @@ -5,6 +5,8 @@ import ( "crypto/tls" "fmt" "net/http" + "net/http/cookiejar" + urlpkg "net/url" "time" ) @@ -23,7 +25,7 @@ type Error struct { type Context struct { Timeout int DisableTLS bool - Cookies []Cookie + Jar CookieJar } func (err Error) Error() string { @@ -55,8 +57,35 @@ func client(disableTLS bool) *http.Client { var noop ctxt.CancelFunc = func() {} type Cookie struct { - Name string - Value string + Name string + Value string + Domain string +} + +type CookieJar http.CookieJar + +func JarOfCookies(cookies []Cookie, url string) (CookieJar, error) { + jar, err := cookiejar.New(nil) + if err != nil { + return nil, err + } + + cs := make([]*http.Cookie, len(cookies)) + for i, c := range cookies { + cs[i] = &http.Cookie{Name: c.Name, Value: c.Value, Domain: c.Domain} + } + + u, err := urlpkg.Parse(url) + if err != nil { + return nil, err + } + + // ignore the path of the URL + u.Path = "" + + jar.SetCookies(u, cs) + + return jar, nil } func Get(url string, ctx Context) (resp *http.Response, cancel ctxt.CancelFunc, err error) { @@ -82,9 +111,10 @@ func Get(url string, ctx Context) (resp *http.Response, cancel ctxt.CancelFunc, } req.Header.Set("User-Agent", "Feed2Imap-Go/1.0") - for _, c := range ctx.Cookies { - cookie := http.Cookie{Name: c.Name, Value: c.Value} - req.AddCookie(&cookie) + if ctx.Jar != nil { + for _, c := range ctx.Jar.Cookies(req.URL) { + req.AddCookie(c) + } } resp, err = client(ctx.DisableTLS).Do(req) |