Changeset aa547a16


Ignore:
Timestamp:
Apr 23, 2013 6:23:38 PM (7 years ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
5b40914, e8025f0
Parents:
22025b0
Message:
  • i2ptunnel: Block b32.i2p supercookies
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • apps/i2ptunnel/java/src/net/i2p/i2ptunnel/HTTPResponseOutputStream.java

    r22025b0 raa547a16  
    194194                                    // save for compress decision on server side
    195195                                    _contentType = val;
     196                                } else if ("set-cookie".equals(lcKey)) {
     197                                    String lcVal = val.toLowerCase(Locale.US);
     198                                    if (lcVal.contains("domain=b32.i2p") ||
     199                                        lcVal.contains("domain=.b32.i2p")) {
     200                                        // Strip privacy-damaging "supercookie" for b32.i2p
     201                                        // Let's presume the user agent ignores a cookie for "i2p"
     202                                        // See RFC 6265 and http://publicsuffix.org/
     203                                        if (_log.shouldLog(Log.INFO))
     204                                            _log.info("Stripping \"" + key + ": " + val + "\" from response ");
     205                                        break;
     206                                    }
    196207                                }
    197208                                out.write((key.trim() + ": " + val.trim() + "\r\n").getBytes());
  • history.txt

    r22025b0 raa547a16  
     12013-04-23 zzz
     2 * Console: Fix Jetty digest auth bug causing repeated password requests
     3 * i2ptunnel: Block b32.i2p supercookies
     4
    152013-04-21 zzz
    26 * AppManager: Add HTML debug output
  • router/java/src/net/i2p/router/RouterVersion.java

    r22025b0 raa547a16  
    1919    public final static String ID = "Monotone";
    2020    public final static String VERSION = CoreVersion.VERSION;
    21     public final static long BUILD = 12;
     21    public final static long BUILD = 13;
    2222
    2323    /** for example "-test" */
Note: See TracChangeset for help on using the changeset viewer.