| Index: net/url_request/url_request.cc
|
| diff --git a/net/url_request/url_request.cc b/net/url_request/url_request.cc
|
| index 6b0124730d5011fec92ddbf733be8f24f2db6ffa..a037063129a0ac1d294b5cd0490044de0817f7a9 100644
|
| --- a/net/url_request/url_request.cc
|
| +++ b/net/url_request/url_request.cc
|
| @@ -8,6 +8,7 @@
|
| #include "base/bind_helpers.h"
|
| #include "base/callback.h"
|
| #include "base/compiler_specific.h"
|
| +#include "base/debug/dump_without_crashing.h"
|
| #include "base/debug/stack_trace.h"
|
| #include "base/lazy_instance.h"
|
| #include "base/memory/singleton.h"
|
| @@ -684,6 +685,17 @@ void URLRequest::StartJob(URLRequestJob* job) {
|
|
|
| response_info_.was_cached = false;
|
|
|
| + // If the referrer is secure, but the requested URL is not, the referrer
|
| + // policy should be something non-default. If you hit this, please file a
|
| + // bug.
|
| + if (referrer_policy_ ==
|
| + CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE &&
|
| + GURL(referrer_).SchemeIsSecure() && !url().SchemeIsSecure()) {
|
| + DLOG(FATAL) << "Trying to send secure referrer for insecure load";
|
| + base::debug::DumpWithoutCrashing();
|
| + referrer_.clear();
|
| + }
|
| +
|
| // Don't allow errors to be sent from within Start().
|
| // TODO(brettw) this may cause NotifyDone to be sent synchronously,
|
| // we probably don't want this: they should be sent asynchronously so
|
|
|
Chromium Code Reviews
Issue 115803003:
Add a check that we don't send a secure referrer to an insecure URL (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src