SEBWIN-441: Ensured custom headers are only appended to same-domain requests.

This commit is contained in:
Damian Büchel 2020-11-27 15:14:33 +01:00
parent 907b251232
commit 1cf9d53121

View file

@ -80,7 +80,7 @@ namespace SafeExamBrowser.Browser.Handlers
return CefReturnValue.Cancel;
}
AppendCustomHeaders(request);
AppendCustomHeaders(webBrowser, request);
ReplaceSebScheme(request);
return base.OnBeforeResourceLoad(webBrowser, browser, frame, request, callback);
@ -112,11 +112,16 @@ namespace SafeExamBrowser.Browser.Handlers
return base.OnResourceResponse(webBrowser, browser, frame, request, response);
}
private void AppendCustomHeaders(IRequest request)
private void AppendCustomHeaders(IWebBrowser webBrowser, IRequest request)
{
var headers = new NameValueCollection(request.Headers);
var urlWithoutFragment = request.Url.Split('#')[0];
Uri.TryCreate(webBrowser.Address, UriKind.Absolute, out var pageUrl);
Uri.TryCreate(request.Url, UriKind.Absolute, out var requestUrl);
if (pageUrl?.Host?.Equals(requestUrl?.Host) == true)
{
if (settings.SendConfigurationKey)
{
var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(urlWithoutFragment + settings.ConfigurationKey));
@ -135,6 +140,7 @@ namespace SafeExamBrowser.Browser.Handlers
request.Headers = headers;
}
}
private bool Block(IRequest request)
{