Apply Referrer-Policy header when following redirects

net/url_request/url_request.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_URL_REQUEST_URL_REQUEST_H_
 #define NET_URL_REQUEST_URL_REQUEST_H_
 
 #include <stdint.h>
 
 #include <memory>
@@ skipping 67 matching lines @@
   // factories to be queried.  If no factory handles the request, then the
   // default job will be used.
   typedef URLRequestJob* (ProtocolFactory)(URLRequest* request,
                                            NetworkDelegate* network_delegate,
                                            const std::string& scheme);
 
   // Referrer policies (see set_referrer_policy): During server redirects, the
   // referrer header might be cleared, if the protocol changes from HTTPS to
   // HTTP. This is the default behavior of URLRequest, corresponding to
   // CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE. Alternatively, the
-  // referrer policy can be set to strip the referrer down to an origin upon
-  // cross-origin navigation (ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN), or
-  // never change the referrer header (NEVER_CLEAR_REFERRER). Embedders will
-  // want to use these options when implementing referrer policy support
-  // (https://w3c.github.io/webappsec/specs/referrer-policy/).
+  // referrer policy can be set to:
+  // - strip the referrer down to an origin upon cross-origin navigation
+  //   (ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN),
+  // - never change the referrer header (NEVER_CLEAR_REFERRER),
+  // - strip the referrer down to an origin regardless of the redirect
+  //   location (ORIGIN), or
+  // - always clear the referrer regardless of the redirect location
+  //   (NO_REFERRER).

[mmenke, 2016/06/28 21:32:08]

optional:  Could move each of these to just before the constant it describes, so
you don't have to list the constants twice.  Would need to modify the old
comments similarly, though.  Up to you.

[estark, 2016/06/28 22:38:42]

Done.

+  // Embedders will want to use these options when implementing referrer policy
+  // support (https://w3c.github.io/webappsec/specs/referrer-policy/).
   //
   // REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN is a slight variant
   // on CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE: If the request
   // downgrades from HTTPS to HTTP, the referrer will be cleared. If the request
   // transitions cross-origin (but does not downgrade), the referrer's
   // granularity will be reduced (currently stripped down to an origin rather
   // than a full URL). Same-origin requests will send the full referrer.
   enum ReferrerPolicy {
     CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
     REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN,
     ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN,
     NEVER_CLEAR_REFERRER,
+    ORIGIN,
+    NO_REFERRER,
+    MAX_REFERRER_POLICY
   };
 
   // First-party URL redirect policy: During server redirects, the first-party
   // URL for cookies normally doesn't change. However, if the request is a
   // top-level first-party request, the first-party URL should be updated to the
   // URL on every redirect.
   enum FirstPartyURLPolicy {
     NEVER_CHANGE_FIRST_PARTY_URL,
     UPDATE_FIRST_PARTY_URL_ON_REDIRECT,
   };
@@ skipping 197 matching lines @@
   // from the underlying network request for security reasons (e.g., a HTTPS
   // URL will not be sent as the referrer for a HTTP request).  The referrer
   // may only be changed before Start() is called.
   const std::string& referrer() const { return referrer_; }
   // Referrer is sanitized to remove URL fragment, user name and password.
   void SetReferrer(const std::string& referrer);
 
   // The referrer policy to apply when updating the referrer during redirects.
   // The referrer policy may only be changed before Start() is called.
   ReferrerPolicy referrer_policy() const { return referrer_policy_; }
   void set_referrer_policy(ReferrerPolicy referrer_policy);

[mmenke, 2016/06/28 21:32:08]

Optional:  Could DCHECK that the policy is not set to ORIGIN or NO_REFFER here,
as it doesn't quite work as expected.  Or just add a comment about that
weirdness, DCHECK seems more reliable, though.

[estark, 2016/06/28 22:38:42]

Done.

 
   // If this request should include a referred Token Binding, this returns the
   // hostname of the referrer that indicated this request should include a
   // referred Token Binding. Otherwise, this returns the empty string.
   const std::string& token_binding_referrer() const {
     return token_binding_referrer_;
   }
 
   // Sets the delegate of the request.  This is only to allow creating a request
   // before creating its delegate.  |delegate| must be non-NULL and the request
@@ skipping 523 matching lines @@
 
   // The proxy server used for this request, if any.
   HostPortPair proxy_server_;
 
   DISALLOW_COPY_AND_ASSIGN(URLRequest);
 };
 
 }  // namespace net
 
 #endif  // NET_URL_REQUEST_URL_REQUEST_H_