Apply Referrer-Policy header when following redirects

net/url_request/url_request_job_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/url_request/url_request_job.h"
 
 #include <memory>
 
 #include "base/run_loop.h"
 #include "net/base/request_priority.h"
 #include "net/http/http_transaction_test_util.h"
+#include "net/test/cert_test_util.h"
+#include "net/test/test_data_directory.h"
 #include "net/url_request/url_request.h"
 #include "net/url_request/url_request_test_util.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace net {
 
 namespace {
 
 // Data encoded in kBrotliHelloData.
 const char kBrotliDecodedHelloData[] = "hello, world!\n";
@@ skipping 32 matching lines @@
   response_data->insert(10, 64 * 1024, 'a');
 }
 
 void BrotliHelloServer(const HttpRequestInfo* request,
                        std::string* response_status,
                        std::string* response_headers,
                        std::string* response_data) {
   response_data->assign(kBrotliHelloData, sizeof(kBrotliHelloData) - 1);
 }
 
+void MakeMockReferrerPolicyTransaction(const char* original_location,
+                                       const char* referer_header,
+                                       const char* response_headers,
+                                       MockTransaction* transaction) {
+  transaction->url = original_location;
+  transaction->method = "GET";
+  transaction->request_time = base::Time();
+  transaction->request_headers = referer_header;
+  transaction->load_flags = LOAD_NORMAL;
+  transaction->status = "HTTP/1.1 302 Found";
+  transaction->response_headers = response_headers;
+  transaction->response_time = base::Time();
+  transaction->data = "hello";
+  transaction->test_mode = TEST_MODE_NORMAL;
+  transaction->handler = nullptr;
+  if (GURL(original_location).SchemeIsCryptographic()) {
+    transaction->cert =
+        net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem");
+  } else {
+    transaction->cert = nullptr;
+  }
+  transaction->cert_status = 0;
+  transaction->ssl_connection_status = 0;
+  transaction->return_code = OK;
+}
+
 const MockTransaction kGZip_Transaction = {
     "http://www.google.com/gzyp",
     "GET",
     base::Time(),
     "",
     LOAD_NORMAL,
     "HTTP/1.1 200 OK",
     "Cache-Control: max-age=10000\n"
     "Content-Encoding: gzip\n"
     "Content-Length: 30\n",  // Intentionally wrong.
@@ skipping 152 matching lines @@
   req->set_method("GET");
   req->Start();
 
   base::RunLoop().Run();
 
   EXPECT_TRUE(network_layer.done_reading_called());
 
   RemoveMockTransaction(&kRedirect_Transaction);
 }
 
+TEST(URLRequestJob, RedirectTransactionWithReferrerPolicyHeader) {
+  struct TestCase {
+    const char* original_location;
+    const char* original_referrer;
+    const char* response_headers;
+    URLRequest::ReferrerPolicy original_referrer_policy;
+    URLRequest::ReferrerPolicy expected_final_referrer_policy;
+    const char* expected_final_referrer;
+  };
+
+  const TestCase kTests[] = {
+      // If a redirect serves 'Referrer-Policy: no-referrer', then the referrer
+      // should be cleared.
+      {"http://foo.test/one" /* location */,
+       "http://foo.test/one" /* original referrer */,
+       "Location: http://foo.test/test\n"
+       "Referrer-Policy: no-referrer\n",
+       // original policy
+       URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
+       URLRequest::NO_REFERRER /* expected final policy */,
+       "" /* expected final referrer */},
+
+      // Same as above but for the legacy keyword 'never'.
+      {"http://foo.test/one" /* location */,
+       "http://foo.test/one" /* original referrer */,
+       "Location: http://foo.test/test\nReferrer-Policy: never\n",
+       // original policy
+       URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
+       URLRequest::NO_REFERRER /* expected final policy */,
+       "" /* expected final referrer */},
+
+      // If a redirect serves 'Referrer-Policy:
+      // no-referrer-when-downgrade', then the referrer should be cleared
+      // on downgrade, even if the original request's policy specified
+      // that the referrer should never be cleared.
+      {"https://foo.test/one" /* location */,
+       "https://foo.test/one" /* original referrer */,
+       "Location: http://foo.test\n"
+       "Referrer-Policy: no-referrer-when-downgrade\n",
+       URLRequest::NEVER_CLEAR_REFERRER /* original policy */,
+       // expected final policy
+       URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
+       "" /* expected final referrer */},
+
+      // Same as above but for the legacy keyword 'default'.
+      {"https://foo.test/one" /* location */,
+       "https://foo.test/one" /* original referrer */,
+       "Location: http://foo.test\n"
+       "Referrer-Policy: default\n",
+       URLRequest::NEVER_CLEAR_REFERRER /* original policy */,
+       // expected final policy
+       URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
+       "" /* expected final referrer */},
+
+      // If a redirect serves 'Referrer-Policy: origin', then the referrer
+      // should be stripped to its origin, even if the original request's
+      // policy specified that the referrer should never be cleared.
+      {"https://foo.test/one" /* location */,
+       "https://foo.test/one" /* original referrer */,
+       "Location: https://foo.test/two\n"
+       "Referrer-Policy: origin\n",
+       URLRequest::NEVER_CLEAR_REFERRER /* original policy */,
+       URLRequest::ORIGIN /* expected final policy */,
+       "https://foo.test/" /* expected final referrer */},
+
+      // If a redirect serves 'Referrer-Policy: origin-when-cross-origin',
+      // then the referrer should be untouched for a same-origin redirect...
+      {"https://foo.test/one" /* location */,
+       "https://foo.test/referrer" /* original referrer */,
+       "Location: https://foo.test/two\n"
+       "Referrer-Policy: origin-when-cross-origin\n",
+       URLRequest::NEVER_CLEAR_REFERRER /* original policy */,
+       URLRequest::
+           ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN /* expected final policy */,
+       "https://foo.test/referrer" /* expected final referrer */},
+
+      // ... but should be stripped to the origin for a cross-origin redirect.
+      {"https://foo.test/one" /* location */,
+       "https://foo.test/one" /* original referrer */,
+       "Location: https://bar.test/two\n"
+       "Referrer-Policy: origin-when-cross-origin\n",
+       URLRequest::NEVER_CLEAR_REFERRER /* original policy */,
+       URLRequest::
+           ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN /* expected final policy */,
+       "https://foo.test/" /* expected final referrer */},
+
+      // If a redirect serves 'Referrer-Policy: unsafe-url', then the
+      // referrer should remain, even if originally set to clear on
+      // downgrade.
+      {"https://foo.test/one" /* location */,
+       "https://foo.test/one" /* original referrer */,
+       "Location: https://bar.test/two\n"
+       "Referrer-Policy: unsafe-url\n",
+       URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN /* original policy */,
+       URLRequest::NEVER_CLEAR_REFERRER /* expected final policy */,
+       "https://foo.test/one" /* expected final referrer */},
+
+      // Same as above but for the legacy keyword 'always'.
+      {"https://foo.test/one" /* location */,
+       "https://foo.test/one" /* original referrer */,
+       "Location: https://bar.test/two\n"
+       "Referrer-Policy: always\n",
+       URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN /* original policy */,
+       URLRequest::NEVER_CLEAR_REFERRER /* expected final policy */,
+       "https://foo.test/one" /* expected final referrer */},
+
+      // An invalid keyword should leave the policy untouched.
+      {"https://foo.test/one" /* location */,
+       "https://foo.test/one" /* original referrer */,
+       "Location: https://bar.test/two\n"
+       "Referrer-Policy: not-a-valid-policy\n",
+       URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN /* original policy */,
+       URLRequest::
+           ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN /* expected final policy */,
+       "https://foo.test/" /* expected final referrer */},

[mmenke, 2016/06/28 21:32:08]

Maybe a test like this, but it makes sure we actually clear the referrer, if
we're being redirected to an insecure URL?

[estark, 2016/06/28 22:38:42]

Done.

+
+      // The last valid keyword should take precedence.
+      {"https://foo.test/one" /* location */,
+       "https://foo.test/one" /* original referrer */,
+       "Location: https://bar.test/two\n"
+       "Referrer-Policy: unsafe-url\n"
+       "Referrer-Policy: not-a-valid-policy\n",
+       URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN /* original policy */,
+       URLRequest::NEVER_CLEAR_REFERRER /* expected final policy */,
+       "https://foo.test/one" /* expected final referrer */},
+
+      {"https://foo.test/one" /* location */,
+       "https://foo.test/one" /* original referrer */,
+       "Location: https://bar.test/two\n"
+       "Referrer-Policy: unsafe-url\n"
+       "Referrer-Policy: origin\n",
+       URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN /* original policy */,
+       URLRequest::ORIGIN /* expected final policy */,
+       "https://foo.test/" /* expected final referrer */},
+
+      // An empty header should not affect the request.
+      {"https://foo.test/one" /* location */,
+       "https://foo.test/one" /* original referrer */,
+       "Location: https://bar.test/two\n"
+       "Referrer-Policy: \n",
+       URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN /* original policy */,
+       URLRequest::
+           ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN /* expected final policy */,
+       "https://foo.test/" /* expected final referrer */},
+  };
+
+  for (const auto& test : kTests) {
+    MockTransaction transaction;
+    std::string request_headers =
+        "Referer: " + std::string(test.original_referrer) + "\n";
+    MakeMockReferrerPolicyTransaction(test.original_location,
+                                      request_headers.c_str(),
+                                      test.response_headers, &transaction);
+
+    MockNetworkLayer network_layer;
+    TestURLRequestContext context;
+    context.set_enable_referrer_policy_header(true);
+    context.set_http_transaction_factory(&network_layer);
+
+    TestDelegate d;
+    std::unique_ptr<URLRequest> req(
+        context.CreateRequest(GURL(transaction.url), DEFAULT_PRIORITY, &d));
+    AddMockTransaction(&transaction);
+
+    req->set_referrer_policy(test.original_referrer_policy);
+    req->SetReferrer(test.original_referrer);
+
+    req->set_method("GET");
+    req->Start();
+
+    base::RunLoop().Run();
+
+    EXPECT_TRUE(network_layer.done_reading_called());
+
+    RemoveMockTransaction(&transaction);
+
+    // Test that the referrer policy and referrer were set correctly
+    // according to the header received during the redirect.
+    EXPECT_EQ(test.expected_final_referrer_policy, req->referrer_policy());
+    EXPECT_EQ(test.expected_final_referrer, req->referrer());
+  }
+}
+
 TEST(URLRequestJob, TransactionNotCachedWhenNetworkDelegateRedirects) {
   MockNetworkLayer network_layer;
   TestNetworkDelegate network_delegate;
   network_delegate.set_redirect_on_headers_received_url(GURL("http://foo"));
   TestURLRequestContext context;
   context.set_http_transaction_factory(&network_layer);
   context.set_network_delegate(&network_delegate);
 
   TestDelegate d;
   std::unique_ptr<URLRequest> req(
@@ skipping 105 matching lines @@
 
   EXPECT_FALSE(d.request_failed());
   EXPECT_EQ(200, req->GetResponseCode());
   EXPECT_EQ(kBrotliDecodedHelloData, d.data_received());
   EXPECT_TRUE(network_layer.done_reading_called());
 
   RemoveMockTransaction(&kBrotli_Slow_Transaction);
 }
 
 }  // namespace net