Implement referrerpolicy attribute for img elements

Source/core/loader/ImageLoader.cpp

 /*
  * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
  *           (C) 1999 Antti Koivisto (koivisto@kde.org)
  * Copyright (C) 2004, 2005, 2006, 2007, 2009, 2010 Apple Inc. All rights reserved.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Library General Public
  * License as published by the Free Software Foundation; either
  * version 2 of the License, or (at your option) any later version.
  *
@@ skipping 28 matching lines @@
 #include "core/frame/Settings.h"
 #include "core/frame/UseCounter.h"
 #include "core/html/HTMLImageElement.h"
 #include "core/html/parser/HTMLParserIdioms.h"
 #include "core/layout/LayoutImage.h"
 #include "core/layout/LayoutVideo.h"
 #include "core/layout/svg/LayoutSVGImage.h"
 #include "core/svg/graphics/SVGImage.h"
 #include "platform/Logging.h"
 #include "platform/weborigin/SecurityOrigin.h"
+#include "platform/weborigin/SecurityPolicy.h"
 #include "public/platform/WebURLRequest.h"
 
 namespace blink {
 
 static ImageEventSender& loadEventSender()
 {
     DEFINE_STATIC_LOCAL(ImageEventSender, sender, (EventTypeNames::load));
     return sender;
 }
 
@@ skipping 12 matching lines @@
 {
     ASSERT(loader);
     ASSERT(loader->element());
     if (loader->element()->document().frame() && loader->element()->document().frame()->script().shouldBypassMainWorldCSP())
         return ImageLoader::BypassMainWorldCSP;
     return ImageLoader::DoNotBypassMainWorldCSP;
 }
 
 class ImageLoader::Task : public WebThread::Task {
 public:
-    static PassOwnPtr<Task> create(ImageLoader* loader, UpdateFromElementBehavior updateBehavior)
+    static PassOwnPtr<Task> create(ImageLoader* loader, UpdateFromElementBehavior updateBehavior, ReferrerPolicy referrerPolicy)
     {
-        return adoptPtr(new Task(loader, updateBehavior));
+        return adoptPtr(new Task(loader, updateBehavior, referrerPolicy));
     }
 
-    Task(ImageLoader* loader, UpdateFromElementBehavior updateBehavior)
+    Task(ImageLoader* loader, UpdateFromElementBehavior updateBehavior, ReferrerPolicy referrerPolicy)
         : m_loader(loader)
         , m_shouldBypassMainWorldCSP(shouldBypassMainWorldCSP(loader))
         , m_updateBehavior(updateBehavior)
         , m_weakFactory(this)
+        , m_referrerPolicy(referrerPolicy)
     {
         v8::Isolate* isolate = V8PerIsolateData::mainThreadIsolate();
         v8::HandleScope scope(isolate);
         // If we're invoked from C++ without a V8 context on the stack, we should
         // run the microtask in the context of the element's document's main world.
         if (ScriptState::hasCurrentScriptState(isolate))
             m_scriptState = ScriptState::current(isolate);
         else
             m_scriptState = ScriptState::forMainWorld(loader->element()->document().frame());
     }
 
     ~Task() override
     {
     }
 
     void run() override
     {
         if (!m_loader)
             return;
         if (m_scriptState->contextIsValid()) {
             ScriptState::Scope scope(m_scriptState.get());
-            m_loader->doUpdateFromElement(m_shouldBypassMainWorldCSP, m_updateBehavior);
+            m_loader->doUpdateFromElement(m_shouldBypassMainWorldCSP, m_updateBehavior, m_referrerPolicy);
         } else {
-            m_loader->doUpdateFromElement(m_shouldBypassMainWorldCSP, m_updateBehavior);
+            m_loader->doUpdateFromElement(m_shouldBypassMainWorldCSP, m_updateBehavior, m_referrerPolicy);
         }
     }
 
     void clearLoader()
     {
         m_loader = nullptr;
         m_scriptState.clear();
     }
 
     WeakPtr<Task> createWeakPtr()
     {
         return m_weakFactory.createWeakPtr();
     }
 
 private:
     RawPtrWillBeWeakPersistent<ImageLoader> m_loader;
     BypassMainWorldBehavior m_shouldBypassMainWorldCSP;
     UpdateFromElementBehavior m_updateBehavior;
     RefPtr<ScriptState> m_scriptState;
     WeakPtrFactory<Task> m_weakFactory;
+    ReferrerPolicy m_referrerPolicy;
 };
 
 ImageLoader::ImageLoader(Element* element)
     : m_element(element)
     , m_image(0)
     , m_derefElementTimer(this, &ImageLoader::timerFired)
     , m_hasPendingLoadEvent(false)
     , m_hasPendingErrorEvent(false)
     , m_imageComplete(true)
     , m_loadingImageDocument(false)
@@ skipping 121 matching lines @@
 inline void ImageLoader::crossSiteOrCSPViolationOccurred(AtomicString imageSourceURL)
 {
     m_failedLoadURL = imageSourceURL;
 }
 
 inline void ImageLoader::clearFailedLoadURL()
 {
     m_failedLoadURL = AtomicString();
 }
 
-inline void ImageLoader::enqueueImageLoadingMicroTask(UpdateFromElementBehavior updateBehavior)
+inline void ImageLoader::enqueueImageLoadingMicroTask(UpdateFromElementBehavior updateBehavior, ReferrerPolicy referrerPolicy)
 {
-    OwnPtr<Task> task = Task::create(this, updateBehavior);
+    OwnPtr<Task> task = Task::create(this, updateBehavior, referrerPolicy);
     m_pendingTask = task->createWeakPtr();
     Microtask::enqueueMicrotask(task.release());
     m_loadDelayCounter = IncrementLoadEventDelayCount::create(m_element->document());
 }
 
-void ImageLoader::doUpdateFromElement(BypassMainWorldBehavior bypassBehavior, UpdateFromElementBehavior updateBehavior)
+void ImageLoader::doUpdateFromElement(BypassMainWorldBehavior bypassBehavior, UpdateFromElementBehavior updateBehavior, ReferrerPolicy referrerPolicy)
 {
     // FIXME: According to
     // http://www.whatwg.org/specs/web-apps/current-work/multipage/embedded-content.html#the-img-element:the-img-element-55
     // When "update image" is called due to environment changes and the load fails, onerror should not be called.
     // That is currently not the case.
     //
     // We don't need to call clearLoader here: Either we were called from the
     // task, or our caller updateFromElement cleared the task's loader (and set
     // m_pendingTask to null).
     m_pendingTask.clear();
@@ skipping 12 matching lines @@
     if (!url.isNull()) {
         // Unlike raw <img>, we block mixed content inside of <picture> or <img srcset>.
         ResourceLoaderOptions resourceLoaderOptions = ResourceFetcher::defaultResourceOptions();
         ResourceRequest resourceRequest(url);
         resourceRequest.setFetchCredentialsMode(WebURLRequest::FetchCredentialsModeSameOrigin);
         if (updateBehavior == UpdateForcedReload) {
             resourceRequest.setCachePolicy(ResourceRequestCachePolicy::ReloadBypassingCache);
             // ImageLoader defers the load of images when in an ImageDocument. Don't defer this load on a forced reload.
             m_loadingImageDocument = false;
         }
+
+        if (referrerPolicy != ReferrerPolicyDefault)
+            resourceRequest.setHTTPReferrer(SecurityPolicy::generateReferrer(referrerPolicy, url, document.outgoingReferrer()));
+
         if (isHTMLPictureElement(element()->parentNode()) || !element()->fastGetAttribute(HTMLNames::srcsetAttr).isNull())
             resourceRequest.setRequestContext(WebURLRequest::RequestContextImageSet);
         FetchRequest request(resourceRequest, element()->localName(), resourceLoaderOptions);
         configureRequest(request, bypassBehavior, *m_element, document.clientHintsPreferences());
 
         // Prevent the immediate creation of a ResourceLoader (and therefore a network
         // request) for ImageDocument loads. In this case, the image contents have already
         // been requested as a main resource and ImageDocumentParser will take care of
         // funneling the main resource bytes into the ImageResource.
         if (m_loadingImageDocument) {
@@ skipping 55 matching lines @@
     }
 
     if (LayoutImageResource* imageResource = layoutImageResource())
         imageResource->resetAnimation();
 
     // Only consider updating the protection ref-count of the Element immediately before returning
     // from this function as doing so might result in the destruction of this ImageLoader.
     updatedHasPendingEvent();
 }
 
-void ImageLoader::updateFromElement(UpdateFromElementBehavior updateBehavior)
+void ImageLoader::updateFromElement(UpdateFromElementBehavior updateBehavior, ReferrerPolicy referrerPolicy)
 {
     AtomicString imageSourceURL = m_element->imageSourceURL();
     m_suppressErrorEvents = (updateBehavior == UpdateSizeChanged);
 
     if (updateBehavior == UpdateIgnorePreviousError)
         clearFailedLoadURL();
 
     if (!m_failedLoadURL.isEmpty() && imageSourceURL == m_failedLoadURL)
         return;
 
     // If we have a pending task, we have to clear it -- either we're
     // now loading immediately, or we need to reset the task's state.
     if (m_pendingTask) {
         m_pendingTask->clearLoader();
         m_pendingTask.clear();
     }
 
     KURL url = imageSourceToKURL(imageSourceURL);
     if (shouldLoadImmediately(url)) {
-        doUpdateFromElement(DoNotBypassMainWorldCSP, updateBehavior);
+        doUpdateFromElement(DoNotBypassMainWorldCSP, updateBehavior, referrerPolicy);
         return;
     }
     // Allow the idiom "img.src=''; img.src='.." to clear down the image before
     // an asynchronous load completes.
     if (imageSourceURL.isEmpty()) {
         ImageResource* image = m_image.get();
         if (image)
             image->removeClient(this);
         m_image = nullptr;
     }
 
     // Don't load images for inactive documents. We don't want to slow down the
     // raw HTML parsing case by loading images we don't intend to display.
     Document& document = m_element->document();
     if (document.isActive())
-        enqueueImageLoadingMicroTask(updateBehavior);
+        enqueueImageLoadingMicroTask(updateBehavior, referrerPolicy);
 }
 
 KURL ImageLoader::imageSourceToKURL(AtomicString imageSourceURL) const
 {
     KURL url;
 
     // Don't load images for inactive documents. We don't want to slow down the
     // raw HTML parsing case by loading images we don't intend to display.
     Document& document = m_element->document();
     if (!document.isActive())
@@ skipping 227 matching lines @@
 
 void ImageLoader::sourceImageChanged()
 {
     for (auto& client : m_clients) {
         ImageLoaderClient* handle = client;
         handle->notifyImageSourceChanged();
     }
 }
 
 } // namespace blink