Validate cookie protocol and header names

PeterDaveHello · PeterDaveHello · commit 4d0860e7664c · 2026-01-24T03:41:08.000+08:00
diff --git a/src/background/index.mjs b/src/background/index.mjs
@@ -750,6 +750,13 @@ Browser.runtime.onMessage.addListener(async (message, sender) => {
           console.warn('[background] Rejecting GET_COOKIE with invalid URL:', cookieUrlInput)
           return null
         }
+        if (cookieUrl.protocol !== 'http:' && cookieUrl.protocol !== 'https:') {
+          console.warn(
+            '[background] Rejecting GET_COOKIE with disallowed protocol:',
+            cookieUrl.protocol,
+          )
+          return null
+        }
 
         const cookieName = cookieNameInput.trim()
         console.debug('[background] Processing GET_COOKIE message for:', cookieUrl.href)
@@ -840,15 +847,16 @@ try {
         const headers = details.requestHeaders
         let modified = false
         for (let i = 0; i < headers.length; i++) {
-          if (!headers[i]) {
+          const header = headers[i]
+          if (!header || !header.name) {
             continue
           }
-          const headerNameLower = headers[i].name?.toLowerCase()
+          const headerNameLower = header.name.toLowerCase()
           if (headerNameLower === 'origin') {
-            headers[i].value = 'https://www.bing.com'
+            header.value = 'https://www.bing.com'
             modified = true
           } else if (headerNameLower === 'referer') {
-            headers[i].value = 'https://www.bing.com/search?q=Bing+AI&showconv=1&FORM=hpcodx'
+            header.value = 'https://www.bing.com/search?q=Bing+AI&showconv=1&FORM=hpcodx'
             modified = true
           }
         }
@@ -876,11 +884,15 @@ try {
     (details) => {
       const headers = details.requestHeaders
       for (let i = 0; i < headers.length; i++) {
-        const headerNameLower = headers[i]?.name?.toLowerCase()
+        const header = headers[i]
+        if (!header || !header.name) {
+          continue
+        }
+        const headerNameLower = header.name.toLowerCase()
         if (headerNameLower === 'origin') {
-          headers[i].value = 'https://claude.ai'
+          header.value = 'https://claude.ai'
         } else if (headerNameLower === 'referer') {
-          headers[i].value = 'https://claude.ai'
+          header.value = 'https://claude.ai'
         }
       }
       return { requestHeaders: headers }
