Use host to check same origin if referrer looks trimmed to host

2023-12-14 04:33:03 +01:00 · 2019-10-28 16:41:08 +01:00 · 2019-10-28 16:41:08 +01:00 · 270f3e9ffd
commit 270f3e9ffd
parent e1f73697ff
1 changed files with 12 additions and 2 deletions
--- a/src/Ui/UiRequest.py
+++ b/src/Ui/UiRequest.py
@ -552,8 +552,18 @@ class UiRequest(object):
    def isSameOrigin(self, url_a, url_b):
        if not url_a or not url_b:
            return False
-        origin_a = re.sub("http[s]{0,1}://(.*?/.*?/).*", "\\1", url_a)
-        origin_b = re.sub("http[s]{0,1}://(.*?/.*?/).*", "\\1", url_b)
+
+        url_a = url_a.replace("/raw/", "/")
+        url_b = url_b.replace("/raw/", "/")
+
+        origin_pattern = "http[s]{0,1}://(.*?/.*?/).*"
+        is_origin_full = re.match(origin_pattern, url_a)
+        if not is_origin_full:  # Origin looks trimmed to host, require only same host
+            origin_pattern = "http[s]{0,1}://(.*?/).*"
+
+        origin_a = re.sub(origin_pattern, "\\1", url_a)
+        origin_b = re.sub(origin_pattern, "\\1", url_b)
+
        return origin_a == origin_b

    # Return {address: 1Site.., inner_path: /data/users.json} from url path