Automatically set Referer for external attachment downloads

Rather than requiring translators to explicitly set a referrer, as proposed in #772 and #1375, this simply sets it to the URL where the save button was triggered. This fixes the Project Euclid example in #772. It's possible it won't fix all cases, since the translator might build the URL manually or via an intermediate page, but hopefully it will fix the majority of cases. I guess there's a possibility that this would break something that currently works, but it's hard to imagine a site would block based on the wrong referrer from the right site and not block on no referrer. Unlike #1375, this doesn't bother with the referrer for native downloads (e.g., snapshots or images). The former probably don't need it, and the latter should probably be switched to use `saveURI()` anyway. This might also fix zotero/translators#523 (SSRN) if the translator allowed it. Closes #1375
2018-02-15 01:58:20 -05:00 · 2018-02-15 01:58:20 -05:00 · bb925723fd
commit bb925723fd
parent 081f6bc77d
3 changed files with 12 additions and 2 deletions
--- a/chrome/content/zotero/xpcom/attachments.js
+++ b/chrome/content/zotero/xpcom/attachments.js
@ -246,7 +246,8 @@ Zotero.Attachments = new function(){
 	
 	/**
 	 * @param {Object} options - 'libraryID', 'url', 'parentItemID', 'collections', 'title',
-	 *                           'fileBaseName', 'contentType', 'cookieSandbox', 'saveOptions'
+	 *                           'fileBaseName', 'contentType', 'referrer', 'cookieSandbox',
+	 *                           'saveOptions'
 	 * @return {Promise<Zotero.Item>} - A promise for the created attachment item
 	 */
 	this.importFromURL = Zotero.Promise.coroutine(function* (options) {
@ -257,6 +258,7 @@ Zotero.Attachments = new function(){
 		var title = options.title;
 		var fileBaseName = options.fileBaseName;
 		var contentType = options.contentType;
+		var referrer = options.referrer;
 		var cookieSandbox = options.cookieSandbox;
 		var saveOptions = options.saveOptions;
 		
@ -347,7 +349,12 @@ Zotero.Attachments = new function(){
 			var nsIURL = Components.classes["@mozilla.org/network/standard-url;1"]
 				.createInstance(Components.interfaces.nsIURL);
 			nsIURL.spec = url;
-			Zotero.Utilities.Internal.saveURI(wbp, nsIURL, tmpFile);
+			var headers = {};
+			if (referrer) {
+				headers.Referer = referrer;
+			}
+			Zotero.Utilities.Internal.saveURI(wbp, nsIURL, tmpFile, headers);
+

 			yield deferred.promise;
 			let sample = yield Zotero.File.getContentsAsync(tmpFile, null, 1000);
--- a/chrome/content/zotero/xpcom/server_connector.js
+++ b/chrome/content/zotero/xpcom/server_connector.js
@ -539,6 +539,7 @@ Zotero.Server.Connector.SaveItem.prototype = {
 			collections: collection ? [collection.id] : undefined,
 			attachmentMode: Zotero.Translate.ItemSaver.ATTACHMENT_MODE_DOWNLOAD,
 			forceTagType: 1,
+			referrer: data.uri,
 			cookieSandbox,
 			proxy
 		});
--- a/chrome/content/zotero/xpcom/translation/translate_item.js
+++ b/chrome/content/zotero/xpcom/translation/translate_item.js
@ -54,6 +54,7 @@ Zotero.Translate.ItemSaver = function(options) {
 	this.attachmentMode = Zotero.Libraries.get(this._libraryID).filesEditable ? options.attachmentMode :
 	                      Zotero.Translate.ItemSaver.ATTACHMENT_MODE_IGNORE;
 	this._forceTagType = options.forceTagType;
+	this._referrer = options.referrer;
 	this._cookieSandbox = options.cookieSandbox;
 	this._proxy = options.proxy;
 	
@ -634,6 +635,7 @@ Zotero.Translate.ItemSaver.prototype = {
 			title,
 			fileBaseName,
 			contentType: mimeType,
+			referrer: this._referrer,
 			cookieSandbox: this._cookieSandbox,
 			collections: !parentItemID ? this._collections : undefined
 		});