From 313da6b5696088b6b493695000ef790f277ed505 Mon Sep 17 00:00:00 2001
From: René 'Necoro' Neumann <necoro@necoro.eu>
Date: Sun, 9 Jan 2022 23:53:26 +0100
Subject: Ensure that cookies are sent only to the correct domains.

We want to avoid that authentication data is sent when fetching images from external sources, for instance.
---
 internal/http/client.go | 42 ++++++++++++++++++++++++++++++++++++------
 1 file changed, 36 insertions(+), 6 deletions(-)

(limited to 'internal/http/client.go')
diff --git a/internal/http/client.go b/internal/http/client.go
index 4272a5b..b47203d 100644
--- a/internal/http/client.go
+++ b/internal/http/client.go
@@ -5,6 +5,8 @@ import (
 	"crypto/tls"
 	"fmt"
 	"net/http"
+	"net/http/cookiejar"
+	urlpkg "net/url"
 	"time"
 )
 
@@ -23,7 +25,7 @@ type Error struct {
 type Context struct {
 	Timeout    int
 	DisableTLS bool
-	Cookies    []Cookie
+	Jar        CookieJar
 }
 
 func (err Error) Error() string {
@@ -55,8 +57,35 @@ func client(disableTLS bool) *http.Client {
 var noop ctxt.CancelFunc = func() {}
 
 type Cookie struct {
-	Name  string
-	Value string
+	Name   string
+	Value  string
+	Domain string
+}
+
+type CookieJar http.CookieJar
+
+func JarOfCookies(cookies []Cookie, url string) (CookieJar, error) {
+	jar, err := cookiejar.New(nil)
+	if err != nil {
+		return nil, err
+	}
+
+	cs := make([]*http.Cookie, len(cookies))
+	for i, c := range cookies {
+		cs[i] = &http.Cookie{Name: c.Name, Value: c.Value, Domain: c.Domain}
+	}
+
+	u, err := urlpkg.Parse(url)
+	if err != nil {
+		return nil, err
+	}
+
+	// ignore the path of the URL
+	u.Path = ""
+
+	jar.SetCookies(u, cs)
+
+	return jar, nil
 }
 
 func Get(url string, ctx Context) (resp *http.Response, cancel ctxt.CancelFunc, err error) {
@@ -82,9 +111,10 @@ func Get(url string, ctx Context) (resp *http.Response, cancel ctxt.CancelFunc,
 	}
 	req.Header.Set("User-Agent", "Feed2Imap-Go/1.0")
 
-	for _, c := range ctx.Cookies {
-		cookie := http.Cookie{Name: c.Name, Value: c.Value}
-		req.AddCookie(&cookie)
+	if ctx.Jar != nil {
+		for _, c := range ctx.Jar.Cookies(req.URL) {
+			req.AddCookie(c)
+		}
 	}
 
 	resp, err = client(ctx.DisableTLS).Do(req)
-- 
cgit v1.2.3-70-g09d2

>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/portato.git/log/?h=v0.14&amp;id=cd6bfb92c8cf8bb18a77d84e3592002123f3407e&amp;follow=1'>root</a>/<a href='/portato.git/log/portato?h=v0.14&amp;id=cd6bfb92c8cf8bb18a77d84e3592002123f3407e&amp;follow=1'>portato</a>/<a href='/portato.git/log/portato/db?h=v0.14&amp;id=cd6bfb92c8cf8bb18a77d84e3592002123f3407e&amp;follow=1'>db</a>/<a href='/portato.git/log/portato/db/database.py?h=v0.14&amp;id=cd6bfb92c8cf8bb18a77d84e3592002123f3407e&amp;follow=1'>database.py</a> (<a href='/portato.git/log/portato/db/database.py?h=v0.14&amp;id=cd6bfb92c8cf8bb18a77d84e3592002123f3407e'>unfollow</a>)</div><div class='content'><table class='list nowrap'><tr class='nohover'><th></th><th class='left'>Commit message (<a href='/portato.git/log/portato/db/database.py?h=v0.14&amp;id=cd6bfb92c8cf8bb18a77d84e3592002123f3407e&amp;showmsg=1&amp;follow=1'>Expand</a>)</th><th class='left'>Author</th><th class='left'>Files</th><th class='left'>Lines</th></tr>
<tr><td><span title='2010-05-11 17:54:33 +0200'>2010-05-11</span></td><td><a href='/portato.git/commit/setup.py?h=v0.14&amp;id=e87628fae9c1277e96be51fadb223b4605717437&amp;follow=1'>Improve setup.py for release script</a></td><td>René 'Necoro' Neumann</td><td>1</td><td><span class='deletions'>-3</span>/<span class='insertions'>+8</span></td></tr>
<tr><td><span title='2010-05-11 17:54:10 +0200'>2010-05-11</span></td><td><a href='/portato.git/commit/portato/constants.py?h=v0.14&amp;id=5fcdfa0c56c0bcaf3d1007eef644e627893f0923&amp;follow=1'>Improve constants.py for release script</a></td><td>René 'Necoro' Neumann</td><td>1</td><td><span class='deletions'>-6</span>/<span class='insertions'>+11</span></td></tr>
<tr><td><span title='2010-05-05 23:44:13 +0200'>2010-05-05</span></td><td><a href='/portato.git/commit/i18n/pl.po?h=v0.14&amp;id=3f5089bfff79d44d28254e8ff0be8da5125789a9&amp;follow=1'>Updated polish translation</a></td><td>Tomasz Osiński</td><td>1</td><td><span class='deletions'>-337</span>/<span class='insertions'>+451</span></td></tr>
<tr><td><span title='2010-04-28 21:44:49 +0200'>2010-04-28</span></td><td><a href='/portato.git/commit/i18n/es.po?h=v0.14&amp;id=8c1111d99b692f14e3a41b25159364f2ac83335b&amp;follow=1'>Updated Spanish translation</a></td><td>Daniel Halens</td><td>1</td><td><span class='deletions'>-346</span>/<span class='insertions'>+470</span></td></tr>
<tr><td><span title='2010-04-26 18:29:48 +0200'>2010-04-26</span></td><td><a href='/portato.git/commit/i18n/it.po?h=v0.14&amp;id=15a7c4a9ed20ad25f5a6a2f5268b4bce49cef9a7&amp;follow=1'>Updated italian translation. Thx to Ponsi</a></td><td>René 'Necoro' Neumann</td><td>1</td><td><span class='deletions'>-82</span>/<span class='insertions'>+66</span></td></tr>
<tr><td><span title='2010-04-23 01:02:32 +0200'>2010-04-23</span></td><td><a href='/portato.git/commit/plugins/new_version.py?h=v0.14&amp;id=3fddc267618c034aae980060e560ce80ba20cbe6&amp;follow=1'>new version plugin showed the versions in the wrong order</a></td><td>René 'Necoro' Neumann</td><td>1</td><td><span class='deletions'>-1</span>/<span class='insertions'>+1</span></td></tr>
<tr><td><span title='2010-04-23 01:00:55 +0200'>2010-04-23</span></td><td><a href='/portato.git/commit/portato/gui/queue.py?h=v0.14&amp;id=41dba09a8be14c85403bc9ea59001c2528e4f0cc&amp;follow=1'>Clearer debug message for packages not in mergequeue</a></td><td>René 'Necoro' Neumann</td><td>1</td><td><span class='deletions'>-1</span>/<span class='insertions'>+1</span></td></tr>
<tr><td><span title='2010-04-23 00:58:06 +0200'>2010-04-23</span></td><td><a href='/portato.git/commit/portato/constants.py?h=v0.14&amp;id=ad22f8ddd205c8110ffa5b2dae4f5d1fc2c21e87&amp;follow=1'>Reset HOME to /root for root</a></td><td>René 'Necoro' Neumann</td><td>1</td><td><span class='deletions'>-0</span>/<span class='insertions'>+4</span></td></tr>
<tr><td><span title='2010-04-23 00:43:40 +0200'>2010-04-23</span></td><td><a href='/portato.git/commit/portato/db/sql.py?h=v0.14&amp;id=d89a5d18378a79b4f9fb6b6738f2a5e008539a3c&amp;follow=1'>Small error in sqldb</a></td><td>René 'Necoro' Neumann</td><td>1</td><td><span class='deletions'>-1</span>/<span class='insertions'>+1</span></td></tr>
<tr><td><span title='2010-04-22 23:21:05 +0800'>2010-04-22</span></td><td><a href='/portato.git/commit/i18n/fr.po?h=v0.14&amp;id=907de24260d48e10ba67f92c13a163de895af8da&amp;follow=1'>Updated french translation to current translation status.</a></td><td>Clement Bourgeois</td><td>1</td><td><span class='deletions'>-77</span>/<span class='insertions'>+84</span></td></tr>
<tr><td><span title='2010-04-19 20:25:07 +0200'>2010-04-19</span></td><td><a href='/portato.git/commit/doc/TRANSLATORS?h=v0.14&amp;id=03c509f24a4059c882786e764c50c4f801e03a60&amp;follow=1'>Typo in TRANSLATORS</a></td><td>René 'Necoro' Neumann</td><td>1</td><td><span class='deletions'>-1</span>/<span class='insertions'>+1</span></td></tr>
<tr><td><span title='2010-04-19 20:14:38 +0200'>2010-04-19</span></td><td><a href='/portato.git/commit/i18n/pt_BR.po?h=v0.14&amp;id=d69267187575427b029f3d12b27ebb0278f3b884&amp;follow=1'>Updated portguese translation</a></td><td>Alberto Federman Neto</td><td>1</td><td><span class='deletions'>-348</span>/<span class='insertions'>+469</span></td></tr>
<tr><td><span title='2010-04-19 19:43:37 +0200'>2010-04-19</span></td><td><a href='/portato.git/commit/portato/eix/py_parser.py?h=v0.14&amp;id=8ab3b62a6cd6b0d96409cd2cb0c9ef3150ebc1ab&amp;follow=1'>Remove unused pythonic eix parser implementation</a></td><td>René 'Necoro' Neumann</td><td>1</td><td><span class='deletions'>-416</span>/<span class='insertions'>+0</span></td></tr>
<tr><td><span title='2010-04-19 19:10:27 +0200'>2010-04-19</span></td><td><a href='/portato.git/commit/portato/gui/windows/basic.py?h=v0.14&amp;id=92f1cd3d0eb611fec2db5778b9a3c7b72e29892e&amp;follow=1'>Connect the accels from the menu.</a></td><td>René 'Necoro' Neumann</td><td>1</td><td><span class='deletions'>-12</span>/<span class='insertions'>+16</span></td></tr>
<tr><td><span title='2010-04-19 18:07:09 +0200'>2010-04-19</span></td><td><a href='/portato.git/commit/portato/log.py?h=v0.14&amp;id=2d8f0114af0d278c035db42bb16f7790f17da05e&amp;follow=1'>Replace 'Portage Warning' by 'External Warning'</a></td><td>René 'Necoro' Neumann</td><td>1</td><td><span class='deletions'>-1</span>/<span class='insertions'>+1</span></td></tr>
<tr><td><span title='2010-04-17 14:42:39 +0200'>2010-04-17</span></td><td><a href='/portato.git/commit/i18n/it.po?h=v0.14&amp;id=c1ddcd3bd5ec15c9359f03f096b0c83391e4e48b&amp;follow=1'>Updated italian translation. Thx to Ponsi</a></td><td>René 'Necoro' Neumann</td><td>1</td><td><span class='deletions'>-314</span>/<span class='insertions'>+369</span></td></tr>
<tr><td><span title='2010-04-16 01:37:11 +0200'>2010-04-16</span></td><td><a href='/portato.git/commit/portato/gui/dialogs.py?h=v0.14&amp;id=ece9295ade05250c8b67712878a013a5ffc73567&amp;follow=1'>Fix gtk deprecation warning</a></td><td>René 'Necoro' Neumann</td><td>1</td><td><span class='deletions'>-1</span>/<span class='insertions'>+1</span></td></tr>
<tr><td><span title='2010-04-16 01:31:48 +0200'>2010-04-16</span></td><td><a href='/portato.git/commit/portato/gui/windows/main.py?h=v0.14&amp;id=389e70969d903f2c76fc62b6ba02254d4fa4710b&amp;follow=1'>Typo</a></td><td>René 'Necoro' Neumann</td><td>2</td><td><span class='deletions'>-3</span>/<span class='insertions'>+3</span></td></tr>
<tr><td><span title='2010-04-16 01:18:58 +0200'>2010-04-16</span></td><td><a href='/portato.git/commit/portato/gui/windows/main.py?h=v0.14&amp;id=8a03c532acd1527be2fc4b882ddafc09474da496&amp;follow=1'>Do not allow portage's sqlite backend for the moment ... bug #564292</a></td><td>René 'Necoro' Neumann</td><td>2</td><td><span class='deletions'>-16</span>/<span class='insertions'>+25</span></td></tr>
<tr><td><span title='2010-04-15 04:04:23 +0200'>2010-04-15</span></td><td><a href='/portato.git/commit/portato/gui/windows/preference.py?h=v0.14&amp;id=9f720636bbe5db2e0d21fe580357b92e65d7f269&amp;follow=1'>Better sorting of the database types in the preferences.</a></td><td>René 'Necoro' Neumann</td><td>2</td><td><span class='deletions'>-6</span>/<span class='insertions'>+6</span></td></tr>
<tr><td><span title='2010-04-15 03:50:55 +0200'>2010-04-15</span></td><td><a href='/portato.git/commit/plugins/new_version.py?h=v0.14&amp;id=32ed6637e8bd618af3591d7977dff76d06bfbd33&amp;follow=1'>Add notify-python dependency for the version checker</a></td><td>René 'Necoro' Neumann</td><td>1</td><td><span class='deletions'>-1</span>/<span class='insertions'>+1</span></td></tr>
<tr><td><span title='2010-04-15 03:44:46 +0200'>2010-04-15</span></td><td><a href='/portato.git/commit/portato/db/__init__.py?h=v0.14&amp;id=0b31302be7e89db595db75965df1fc1bf77837f4&amp;follow=1'>Make the database type choice an info message</a></td><td>René 'Necoro' Neumann</td><td>2</td><td><span class='deletions'>-7</span>/<span class='insertions'>+13</span></td></tr>
<tr><td><span title='2010-04-15 03:01:30 +0200'>2010-04-15</span></td><td><a href='/portato.git/commit/i18n/es.po?h=v0.14&amp;id=ecd7f97a68c31f9ccfe81cb276587417aad287e3&amp;follow=1'>Renamed es_ES to es</a></td><td>René 'Necoro' Neumann</td><td>1</td><td><span class='deletions'>-0</span>/<span class='insertions'>+0</span></td></tr>
<tr><td><span title='2010-04-15 08:19:00 +0800'>2010-04-15</span></td><td><a href='/portato.git/commit/plugins/new_version.py?h=v0.14&amp;id=6aa479f23289c5c812a7c2dd54f754aee28cd294&amp;follow=1'>Fixed dependancy of the new_version plugin from "dev-util/git" to "dev-vcs/gi...</a></td><td>Clement Bourgeois</td><td>1</td><td><span class='deletions'>-1</span>/<span class='insertions'>+1</span></td></tr>
<tr><td><span title='2010-04-14 22:22:47 +0200'>2010-04-14</span></td><td><a href='/portato.git/commit/portato/plugin.py?h=v0.14&amp;id=e5b5b6793999a5094832b1819cc6b5e5e5f0ca39&amp;follow=1'>Make some useless info messages being debug statements</a></td><td>René 'Necoro' Neumann</td><td>2</td><td><span class='deletions'>-34</span>/<span class='insertions'>+17</span></td></tr>
<tr><td><span title='2010-04-14 22:17:53 +0200'>2010-04-14</span></td><td><a href='/portato.git/commit/portato/ipc.pyx?h=v0.14&amp;id=208c4adfbdf7b82cc40da873ed185f3e29880cfa&amp;follow=1'>Improve the C modules</a></td><td>René 'Necoro' Neumann</td><td>3</td><td><span class='deletions'>-37</span>/<span class='insertions'>+52</span></td></tr>
<tr><td><span title='2010-04-14 21:04:30 +0800'>2010-04-14</span></td><td><a href='/portato.git/commit/i18n/fr.po?h=v0.14&amp;id=0f19f73c55ea8c8188aec7426ea94bfb7a823720&amp;follow=1'>Small modifications made to the French translation (typos, grammar).</a></td><td>Clement Bourgeois</td><td>1</td><td><span class='deletions'>-69</span>/<span class='insertions'>+69</span></td></tr>
<tr><td><span title='2010-04-14 04:42:56 +0200'>2010-04-14</span></td><td><a href='/portato.git/commit/portato/eix/parser.pyx?h=v0.14&amp;id=efd5aa7d6e66cc1ab201d5fc5933787a7c8690b5&amp;follow=1'>Fixed the unicode support and stuff ... and also made eix faster :)</a></td><td>René 'Necoro' Neumann</td><td>1</td><td><span class='deletions'>-20</span>/<span class='insertions'>+22</span></td></tr>
<tr><td><span title='2010-04-14 03:22:55 +0200'>2010-04-14</span></td><td><a href='/portato.git/commit/etc/portato.cfg?h=v0.14&amp;id=9c277a984863d4a5e509efb19db65c684b242ce0&amp;follow=1'>Disable debug messages by default</a></td><td>René 'Necoro' Neumann</td><td>1</td><td><span class='deletions'>-1</span>/<span class='insertions'>+1</span></td></tr>
<tr><td><span title='2010-04-13 21:21:56 +0200'>2010-04-13</span></td><td><a href='/portato.git/commit/portato/eix/exceptions.py?h=v0.14&amp;id=8af4942857cb8eb906056df4c4ae7ffefe9e229c&amp;follow=1'>Better eix error inheritance and handling</a></td><td>René 'Necoro' Neumann</td><td>1</td><td><span class='deletions'>-2</span>/<span class='insertions'>+9</span></td></tr>
<tr><td><span title='2010-04-13 03:14:16 +0200'>2010-04-13</span></td><td><a href='/portato.git/commit/portato/backend/portage/system.py?h=v0.14&amp;id=673edfd36e1d02a629838d3a408155779af50912&amp;follow=1'>Fix the handling of FilterSets. Fixes bug #558887.</a></td><td>René 'Necoro' Neumann</td><td>2</td><td><span class='deletions'>-56</span>/<span class='insertions'>+64</span></td></tr>
<tr><td><span title='2010-04-12 23:20:24 +0200'>2010-04-12</span></td><td><a href='/portato.git/commit/doc/NEWS?h=v0.14&amp;id=60e95e660fcb0e813894a975275b56a0528a776f&amp;follow=1'>Updated news</a></td><td>René 'Necoro' Neumann</td><td>1</td><td><span class='deletions'>-0</span>/<span class='insertions'>+1</span></td></tr>
<tr><td><span title='2010-04-13 05:14:54 +0800'>2010-04-13</span></td><td><a href='/portato.git/commit/doc/TRANSLATORS?h=v0.14&amp;id=f2503578e8e8d48cdcaec57624d7df83ec380cb6&amp;follow=1'>Added my name to translators list.</a></td><td>Clement Bourgeois</td><td>1</td><td><span class='deletions'>-0</span>/<span class='insertions'>+1</span></td></tr>

	Commit message (Expand)	Author	Files	Lines
2010-05-11	Improve setup.py for release script	René 'Necoro' Neumann	1	-3/+8
2010-05-11	Improve constants.py for release script	René 'Necoro' Neumann	1	-6/+11
2010-05-05	Updated polish translation	Tomasz Osiński	1	-337/+451
2010-04-28	Updated Spanish translation	Daniel Halens	1	-346/+470
2010-04-26	Updated italian translation. Thx to Ponsi	René 'Necoro' Neumann	1	-82/+66
2010-04-23	new version plugin showed the versions in the wrong order	René 'Necoro' Neumann	1	-1/+1
2010-04-23	Clearer debug message for packages not in mergequeue	René 'Necoro' Neumann	1	-1/+1
2010-04-23	Reset HOME to /root for root	René 'Necoro' Neumann	1	-0/+4
2010-04-23	Small error in sqldb	René 'Necoro' Neumann	1	-1/+1
2010-04-22	Updated french translation to current translation status.	Clement Bourgeois	1	-77/+84
2010-04-19	Typo in TRANSLATORS	René 'Necoro' Neumann	1	-1/+1
2010-04-19	Updated portguese translation	Alberto Federman Neto	1	-348/+469
2010-04-19	Remove unused pythonic eix parser implementation	René 'Necoro' Neumann	1	-416/+0
2010-04-19	Connect the accels from the menu.	René 'Necoro' Neumann	1	-12/+16
2010-04-19	Replace 'Portage Warning' by 'External Warning'	René 'Necoro' Neumann	1	-1/+1
2010-04-17	Updated italian translation. Thx to Ponsi	René 'Necoro' Neumann	1	-314/+369
2010-04-16	Fix gtk deprecation warning	René 'Necoro' Neumann	1	-1/+1
2010-04-16	Typo	René 'Necoro' Neumann	2	-3/+3
2010-04-16	Do not allow portage's sqlite backend for the moment ... bug #564292	René 'Necoro' Neumann	2	-16/+25
2010-04-15	Better sorting of the database types in the preferences.	René 'Necoro' Neumann	2	-6/+6
2010-04-15	Add notify-python dependency for the version checker	René 'Necoro' Neumann	1	-1/+1
2010-04-15	Make the database type choice an info message	René 'Necoro' Neumann	2	-7/+13
2010-04-15	Renamed es_ES to es	René 'Necoro' Neumann	1	-0/+0
2010-04-15	Fixed dependancy of the new_version plugin from "dev-util/git" to "dev-vcs/gi...	Clement Bourgeois	1	-1/+1
2010-04-14	Make some useless info messages being debug statements	René 'Necoro' Neumann	2	-34/+17
2010-04-14	Improve the C modules	René 'Necoro' Neumann	3	-37/+52
2010-04-14	Small modifications made to the French translation (typos, grammar).	Clement Bourgeois	1	-69/+69
2010-04-14	Fixed the unicode support and stuff ... and also made eix faster :)	René 'Necoro' Neumann	1	-20/+22
2010-04-14	Disable debug messages by default	René 'Necoro' Neumann	1	-1/+1
2010-04-13	Better eix error inheritance and handling	René 'Necoro' Neumann	1	-2/+9
2010-04-13	Fix the handling of FilterSets. Fixes bug #558887.	René 'Necoro' Neumann	2	-56/+64
2010-04-12	Updated news	René 'Necoro' Neumann	1	-0/+1
2010-04-13	Added my name to translators list.	Clement Bourgeois	1	-0/+1