Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(776)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/url_request/url_request.h

Issue 2108423002: Revert of Apply Referrer-Policy header when following redirects (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/url_request/redirect_info.cc ('k') | net/url_request/url_request.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/url_request/url_request.h
diff --git a/net/url_request/url_request.h b/net/url_request/url_request.h
index 85eb2e4ead2f7c053ae1d0277db8d0e4733bb2db..97cf291eb25b6d923d1adf933f5e7ab73b131f4f 100644
--- a/net/url_request/url_request.h
+++ b/net/url_request/url_request.h
@@ -81,31 +81,27 @@
NetworkDelegate* network_delegate,
const std::string& scheme);
- // A ReferrerPolicy for the request can be set with
- // set_referrer_policy() and controls the contents of the Referer
- // header when URLRequest follows server redirects.
+ // Referrer policies (see set_referrer_policy): During server redirects, the
+ // referrer header might be cleared, if the protocol changes from HTTPS to
+ // HTTP. This is the default behavior of URLRequest, corresponding to
+ // CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE. Alternatively, the
+ // referrer policy can be set to strip the referrer down to an origin upon
+ // cross-origin navigation (ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN), or
+ // never change the referrer header (NEVER_CLEAR_REFERRER). Embedders will
+ // want to use these options when implementing referrer policy support
+ // (https://w3c.github.io/webappsec/specs/referrer-policy/).
+ //
+ // REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN is a slight variant
+ // on CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE: If the request
+ // downgrades from HTTPS to HTTP, the referrer will be cleared. If the request
+ // transitions cross-origin (but does not downgrade), the referrer's
+ // granularity will be reduced (currently stripped down to an origin rather
+ // than a full URL). Same-origin requests will send the full referrer.
enum ReferrerPolicy {
- // Clear the referrer header if the protocol changes from HTTPS to
- // HTTP. This is the default behavior of URLRequest.
CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
- // A slight variant on
- // CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE: If the
- // request downgrades from HTTPS to HTTP, the referrer will be
- // cleared. If the request transitions cross-origin (but does not
- // downgrade), the referrer's granularity will be reduced (currently
- // stripped down to an origin rather than a full URL). Same-origin
- // requests will send the full referrer.
REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN,
- // Strip the referrer down to an origin upon cross-origin navigation.
ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN,
- // Never change the referrer.
NEVER_CLEAR_REFERRER,
- // Strip the referrer down to the origin regardless of the redirect
- // location.
- ORIGIN,
- // Always clear the referrer regardless of the redirect location.
- NO_REFERRER,
- MAX_REFERRER_POLICY
};
// First-party URL redirect policy: During server redirects, the first-party
« no previous file with comments | « net/url_request/redirect_info.cc ('k') | net/url_request/url_request.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698