Revert of Apply Referrer-Policy header when following redirects

net/url_request/url_request_job_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/url_request/url_request_job.h"
 
 #include <memory>
 
 #include "base/run_loop.h"
 #include "net/base/request_priority.h"
 #include "net/http/http_transaction_test_util.h"
-#include "net/test/cert_test_util.h"
-#include "net/test/test_data_directory.h"
 #include "net/url_request/url_request.h"
 #include "net/url_request/url_request_test_util.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace net {
 
 namespace {
 
 // Data encoded in kBrotliHelloData.
 const char kBrotliDecodedHelloData[] = "hello, world!\n";
@@ skipping 32 matching lines @@
   response_data->insert(10, 64 * 1024, 'a');
 }
 
 void BrotliHelloServer(const HttpRequestInfo* request,
                        std::string* response_status,
                        std::string* response_headers,
                        std::string* response_data) {
   response_data->assign(kBrotliHelloData, sizeof(kBrotliHelloData) - 1);
 }
 
-void MakeMockReferrerPolicyTransaction(const char* original_url,
-                                       const char* referer_header,
-                                       const char* response_headers,
-                                       MockTransaction* transaction) {
-  transaction->url = original_url;
-  transaction->method = "GET";
-  transaction->request_time = base::Time();
-  transaction->request_headers = referer_header;
-  transaction->load_flags = LOAD_NORMAL;
-  transaction->status = "HTTP/1.1 302 Found";
-  transaction->response_headers = response_headers;
-  transaction->response_time = base::Time();
-  transaction->data = "hello";
-  transaction->test_mode = TEST_MODE_NORMAL;
-  transaction->handler = nullptr;
-  if (GURL(original_url).SchemeIsCryptographic()) {
-    transaction->cert =
-        net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem");
-  } else {
-    transaction->cert = nullptr;
-  }
-  transaction->cert_status = 0;
-  transaction->ssl_connection_status = 0;
-  transaction->return_code = OK;
-}
-
 const MockTransaction kGZip_Transaction = {
     "http://www.google.com/gzyp",
     "GET",
     base::Time(),
     "",
     LOAD_NORMAL,
     "HTTP/1.1 200 OK",
     "Cache-Control: max-age=10000\n"
     "Content-Encoding: gzip\n"
     "Content-Length: 30\n",  // Intentionally wrong.
@@ skipping 152 matching lines @@
   req->set_method("GET");
   req->Start();
 
   base::RunLoop().Run();
 
   EXPECT_TRUE(network_layer.done_reading_called());
 
   RemoveMockTransaction(&kRedirect_Transaction);
 }
 
-TEST(URLRequestJob, RedirectTransactionWithReferrerPolicyHeader) {
-  struct TestCase {
-    const char* original_url;
-    const char* original_referrer;
-    const char* response_headers;
-    URLRequest::ReferrerPolicy original_referrer_policy;
-    URLRequest::ReferrerPolicy expected_final_referrer_policy;
-    const char* expected_final_referrer;
-  };
-
-  const TestCase kTests[] = {
-      // If a redirect serves 'Referrer-Policy: no-referrer', then the referrer
-      // should be cleared.
-      {"http://foo.test/one" /* original url */,
-       "http://foo.test/one" /* original referrer */,
-       "Location: http://foo.test/test\n"
-       "Referrer-Policy: no-referrer\n",
-       // original policy
-       URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
-       URLRequest::NO_REFERRER /* expected final policy */,
-       "" /* expected final referrer */},
-
-      // Same as above but for the legacy keyword 'never'.
-      {"http://foo.test/one" /* original url */,
-       "http://foo.test/one" /* original referrer */,
-       "Location: http://foo.test/test\nReferrer-Policy: never\n",
-       // original policy
-       URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
-       URLRequest::NO_REFERRER /* expected final policy */,
-       "" /* expected final referrer */},
-
-      // If a redirect serves 'Referrer-Policy:
-      // no-referrer-when-downgrade', then the referrer should be cleared
-      // on downgrade, even if the original request's policy specified
-      // that the referrer should never be cleared.
-      {"https://foo.test/one" /* original url */,
-       "https://foo.test/one" /* original referrer */,
-       "Location: http://foo.test\n"
-       "Referrer-Policy: no-referrer-when-downgrade\n",
-       URLRequest::NEVER_CLEAR_REFERRER /* original policy */,
-       // expected final policy
-       URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
-       "" /* expected final referrer */},
-
-      // Same as above but for the legacy keyword 'default'.
-      {"https://foo.test/one" /* original url */,
-       "https://foo.test/one" /* original referrer */,
-       "Location: http://foo.test\n"
-       "Referrer-Policy: default\n",
-       URLRequest::NEVER_CLEAR_REFERRER /* original policy */,
-       // expected final policy
-       URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
-       "" /* expected final referrer */},
-
-      // If a redirect serves 'Referrer-Policy: origin', then the referrer
-      // should be stripped to its origin, even if the original request's
-      // policy specified that the referrer should never be cleared.
-      {"https://foo.test/one" /* original url */,
-       "https://foo.test/one" /* original referrer */,
-       "Location: https://foo.test/two\n"
-       "Referrer-Policy: origin\n",
-       URLRequest::NEVER_CLEAR_REFERRER /* original policy */,
-       URLRequest::ORIGIN /* expected final policy */,
-       "https://foo.test/" /* expected final referrer */},
-
-      // If a redirect serves 'Referrer-Policy: origin-when-cross-origin',
-      // then the referrer should be untouched for a same-origin redirect...
-      {"https://foo.test/one" /* original url */,
-       "https://foo.test/referrer" /* original referrer */,
-       "Location: https://foo.test/two\n"
-       "Referrer-Policy: origin-when-cross-origin\n",
-       URLRequest::NEVER_CLEAR_REFERRER /* original policy */,
-       URLRequest::
-           ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN /* expected final policy */,
-       "https://foo.test/referrer" /* expected final referrer */},
-
-      // ... but should be stripped to the origin for a cross-origin redirect.
-      {"https://foo.test/one" /* original url */,
-       "https://foo.test/one" /* original referrer */,
-       "Location: https://bar.test/two\n"
-       "Referrer-Policy: origin-when-cross-origin\n",
-       URLRequest::NEVER_CLEAR_REFERRER /* original policy */,
-       URLRequest::
-           ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN /* expected final policy */,
-       "https://foo.test/" /* expected final referrer */},
-
-      // If a redirect serves 'Referrer-Policy: unsafe-url', then the
-      // referrer should remain, even if originally set to clear on
-      // downgrade.
-      {"https://foo.test/one" /* original url */,
-       "https://foo.test/one" /* original referrer */,
-       "Location: https://bar.test/two\n"
-       "Referrer-Policy: unsafe-url\n",
-       URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN /* original policy */,
-       URLRequest::NEVER_CLEAR_REFERRER /* expected final policy */,
-       "https://foo.test/one" /* expected final referrer */},
-
-      // Same as above but for the legacy keyword 'always'.
-      {"https://foo.test/one" /* original url */,
-       "https://foo.test/one" /* original referrer */,
-       "Location: https://bar.test/two\n"
-       "Referrer-Policy: always\n",
-       URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN /* original policy */,
-       URLRequest::NEVER_CLEAR_REFERRER /* expected final policy */,
-       "https://foo.test/one" /* expected final referrer */},
-
-      // An invalid keyword should leave the policy untouched.
-      {"https://foo.test/one" /* original url */,
-       "https://foo.test/one" /* original referrer */,
-       "Location: https://bar.test/two\n"
-       "Referrer-Policy: not-a-valid-policy\n",
-       URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN /* original policy */,
-       URLRequest::
-           ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN /* expected final policy */,
-       "https://foo.test/" /* expected final referrer */},
-
-      {"https://foo.test/one" /* original url */,
-       "https://foo.test/one" /* original referrer */,
-       "Location: http://bar.test/two\n"
-       "Referrer-Policy: not-a-valid-policy\n",
-       // original policy
-       URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
-       // expected final policy
-       URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
-       "" /* expected final referrer */},
-
-      // The last valid keyword should take precedence.
-      {"https://foo.test/one" /* original url */,
-       "https://foo.test/one" /* original referrer */,
-       "Location: https://bar.test/two\n"
-       "Referrer-Policy: unsafe-url\n"
-       "Referrer-Policy: not-a-valid-policy\n",
-       URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN /* original policy */,
-       URLRequest::NEVER_CLEAR_REFERRER /* expected final policy */,
-       "https://foo.test/one" /* expected final referrer */},
-
-      {"https://foo.test/one" /* original url */,
-       "https://foo.test/one" /* original referrer */,
-       "Location: https://bar.test/two\n"
-       "Referrer-Policy: unsafe-url\n"
-       "Referrer-Policy: origin\n",
-       URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN /* original policy */,
-       URLRequest::ORIGIN /* expected final policy */,
-       "https://foo.test/" /* expected final referrer */},
-
-      // An empty header should not affect the request.
-      {"https://foo.test/one" /* original url */,
-       "https://foo.test/one" /* original referrer */,
-       "Location: https://bar.test/two\n"
-       "Referrer-Policy: \n",
-       URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN /* original policy */,
-       URLRequest::
-           ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN /* expected final policy */,
-       "https://foo.test/" /* expected final referrer */},
-  };
-
-  for (const auto& test : kTests) {
-    MockTransaction transaction;
-    std::string request_headers =
-        "Referer: " + std::string(test.original_referrer) + "\n";
-    MakeMockReferrerPolicyTransaction(test.original_url,
-                                      request_headers.c_str(),
-                                      test.response_headers, &transaction);
-
-    MockNetworkLayer network_layer;
-    TestURLRequestContext context;
-    context.set_enable_referrer_policy_header(true);
-    context.set_http_transaction_factory(&network_layer);
-
-    TestDelegate d;
-    std::unique_ptr<URLRequest> req(
-        context.CreateRequest(GURL(transaction.url), DEFAULT_PRIORITY, &d));
-    AddMockTransaction(&transaction);
-
-    req->set_referrer_policy(test.original_referrer_policy);
-    req->SetReferrer(test.original_referrer);
-
-    req->set_method("GET");
-    req->Start();
-
-    base::RunLoop().Run();
-
-    EXPECT_TRUE(network_layer.done_reading_called());
-
-    RemoveMockTransaction(&transaction);
-
-    // Test that the referrer policy and referrer were set correctly
-    // according to the header received during the redirect.
-    EXPECT_EQ(test.expected_final_referrer_policy, req->referrer_policy());
-    EXPECT_EQ(test.expected_final_referrer, req->referrer());
-  }
-}
-
 TEST(URLRequestJob, TransactionNotCachedWhenNetworkDelegateRedirects) {
   MockNetworkLayer network_layer;
   TestNetworkDelegate network_delegate;
   network_delegate.set_redirect_on_headers_received_url(GURL("http://foo"));
   TestURLRequestContext context;
   context.set_http_transaction_factory(&network_layer);
   context.set_network_delegate(&network_delegate);
 
   TestDelegate d;
   std::unique_ptr<URLRequest> req(
@@ skipping 105 matching lines @@
 
   EXPECT_FALSE(d.request_failed());
   EXPECT_EQ(200, req->GetResponseCode());
   EXPECT_EQ(kBrotliDecodedHelloData, d.data_received());
   EXPECT_TRUE(network_layer.done_reading_called());
 
   RemoveMockTransaction(&kBrotli_Slow_Transaction);
 }
 
 }  // namespace net