marek/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* i2ptunnel: Block b32.i2p supercookies

Browse Source
This commit is contained in:
zzz
2013-04-23 18:23:38 +00:00
parent 22025b0c3a
commit aa547a1610
3 changed files with 16 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
apps/i2ptunnel/java/src/net/i2p/i2ptunnel/HTTPResponseOutputStream.java
View File

@@ -193,6 +193,17 @@ class HTTPResponseOutputStream extends FilterOutputStream {
} else if ("content-type".equals(lcKey)) {
// save for compress decision on server side
_contentType = val;
} else if ("set-cookie".equals(lcKey)) {
String lcVal = val.toLowerCase(Locale.US);
if (lcVal.contains("domain=b32.i2p") ||
lcVal.contains("domain=.b32.i2p")) {
// Strip privacy-damaging "supercookie" for b32.i2p
// Let's presume the user agent ignores a cookie for "i2p"
// See RFC 6265 and http://publicsuffix.org/
if (_log.shouldLog(Log.INFO))
_log.info("Stripping \"" + key + ": " + val + "\" from response ");
break;
}
}
out.write((key.trim() + ": " + val.trim() + "\r\n").getBytes());
}