| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/url_request/url_request_job.h" | 5 #include "net/url_request/url_request_job.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/compiler_specific.h" | 10 #include "base/compiler_specific.h" |
| 11 #include "base/location.h" | 11 #include "base/location.h" |
| 12 #include "base/metrics/histogram_macros.h" | 12 #include "base/metrics/histogram_macros.h" |
| 13 #include "base/power_monitor/power_monitor.h" | 13 #include "base/power_monitor/power_monitor.h" |
| 14 #include "base/profiler/scoped_tracker.h" | 14 #include "base/profiler/scoped_tracker.h" |
| 15 #include "base/single_thread_task_runner.h" | 15 #include "base/single_thread_task_runner.h" |
| 16 #include "base/strings/string_number_conversions.h" | 16 #include "base/strings/string_number_conversions.h" |
| 17 #include "base/strings/string_split.h" |
| 17 #include "base/strings/string_util.h" | 18 #include "base/strings/string_util.h" |
| 18 #include "base/threading/thread_task_runner_handle.h" | 19 #include "base/threading/thread_task_runner_handle.h" |
| 19 #include "base/values.h" | 20 #include "base/values.h" |
| 20 #include "net/base/auth.h" | 21 #include "net/base/auth.h" |
| 21 #include "net/base/host_port_pair.h" | 22 #include "net/base/host_port_pair.h" |
| 22 #include "net/base/io_buffer.h" | 23 #include "net/base/io_buffer.h" |
| 23 #include "net/base/load_flags.h" | 24 #include "net/base/load_flags.h" |
| 24 #include "net/base/load_states.h" | 25 #include "net/base/load_states.h" |
| 25 #include "net/base/net_errors.h" | 26 #include "net/base/net_errors.h" |
| 26 #include "net/base/network_delegate.h" | 27 #include "net/base/network_delegate.h" |
| (...skipping 28 matching lines...) Expand all Loading... |
| 55 // See: | 56 // See: |
| 56 // https://tools.ietf.org/html/draft-ietf-httpbis-p2-semantics-17#section-7.3 | 57 // https://tools.ietf.org/html/draft-ietf-httpbis-p2-semantics-17#section-7.3 |
| 57 if ((http_status_code == 303 && method != "HEAD") || | 58 if ((http_status_code == 303 && method != "HEAD") || |
| 58 ((http_status_code == 301 || http_status_code == 302) && | 59 ((http_status_code == 301 || http_status_code == 302) && |
| 59 method == "POST")) { | 60 method == "POST")) { |
| 60 return "GET"; | 61 return "GET"; |
| 61 } | 62 } |
| 62 return method; | 63 return method; |
| 63 } | 64 } |
| 64 | 65 |
| 66 // A redirect response can contain a Referrer-Policy header |
| 67 // (https://w3c.github.io/webappsec-referrer-policy/). This function |
| 68 // checks for a Referrer-Policy header, and parses it if |
| 69 // present. Returns the referrer policy that should be used for the |
| 70 // request. |
| 71 URLRequest::ReferrerPolicy ProcessReferrerPolicyHeaderOnRedirect( |
| 72 URLRequest* request) { |
| 73 URLRequest::ReferrerPolicy new_policy = request->referrer_policy(); |
| 74 |
| 75 std::string referrer_policy_header; |
| 76 request->GetResponseHeaderByName("Referrer-Policy", &referrer_policy_header); |
| 77 std::vector<std::string> policy_tokens = |
| 78 base::SplitString(referrer_policy_header, ",", base::TRIM_WHITESPACE, |
| 79 base::SPLIT_WANT_NONEMPTY); |
| 80 |
| 81 for (const auto& token : policy_tokens) { |
| 82 if (base::CompareCaseInsensitiveASCII(token, "never") == 0 || |
| 83 base::CompareCaseInsensitiveASCII(token, "no-referrer") == 0) { |
| 84 new_policy = URLRequest::NO_REFERRER; |
| 85 continue; |
| 86 } |
| 87 |
| 88 if (base::CompareCaseInsensitiveASCII(token, "default") == 0 || |
| 89 base::CompareCaseInsensitiveASCII(token, |
| 90 "no-referrer-when-downgrade") == 0) { |
| 91 new_policy = |
| 92 URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE; |
| 93 continue; |
| 94 } |
| 95 |
| 96 if (base::CompareCaseInsensitiveASCII(token, "origin") == 0) { |
| 97 new_policy = URLRequest::ORIGIN; |
| 98 continue; |
| 99 } |
| 100 |
| 101 if (base::CompareCaseInsensitiveASCII(token, "origin-when-cross-origin") == |
| 102 0) { |
| 103 new_policy = URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN; |
| 104 continue; |
| 105 } |
| 106 |
| 107 if (base::CompareCaseInsensitiveASCII(token, "always") == 0 || |
| 108 base::CompareCaseInsensitiveASCII(token, "unsafe-url") == 0) { |
| 109 new_policy = URLRequest::NEVER_CLEAR_REFERRER; |
| 110 continue; |
| 111 } |
| 112 } |
| 113 return new_policy; |
| 114 } |
| 115 |
| 65 } // namespace | 116 } // namespace |
| 66 | 117 |
| 67 URLRequestJob::URLRequestJob(URLRequest* request, | 118 URLRequestJob::URLRequestJob(URLRequest* request, |
| 68 NetworkDelegate* network_delegate) | 119 NetworkDelegate* network_delegate) |
| 69 : request_(request), | 120 : request_(request), |
| 70 done_(false), | 121 done_(false), |
| 71 prefilter_bytes_read_(0), | 122 prefilter_bytes_read_(0), |
| 72 postfilter_bytes_read_(0), | 123 postfilter_bytes_read_(0), |
| 73 filter_needs_more_output_space_(false), | 124 filter_needs_more_output_space_(false), |
| 74 filtered_read_buffer_len_(0), | 125 filtered_read_buffer_len_(0), |
| (...skipping 262 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 337 return GURL(); | 388 return GURL(); |
| 338 } else { | 389 } else { |
| 339 return original_referrer.GetOrigin(); | 390 return original_referrer.GetOrigin(); |
| 340 } | 391 } |
| 341 | 392 |
| 342 case URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN: | 393 case URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN: |
| 343 return same_origin ? original_referrer : original_referrer.GetOrigin(); | 394 return same_origin ? original_referrer : original_referrer.GetOrigin(); |
| 344 | 395 |
| 345 case URLRequest::NEVER_CLEAR_REFERRER: | 396 case URLRequest::NEVER_CLEAR_REFERRER: |
| 346 return original_referrer; | 397 return original_referrer; |
| 398 case URLRequest::ORIGIN: |
| 399 return original_referrer.GetOrigin(); |
| 400 case URLRequest::NO_REFERRER: |
| 401 return GURL(); |
| 402 case URLRequest::MAX_REFERRER_POLICY: |
| 403 NOTREACHED(); |
| 404 return GURL(); |
| 347 } | 405 } |
| 348 | 406 |
| 349 NOTREACHED(); | 407 NOTREACHED(); |
| 350 return GURL(); | 408 return GURL(); |
| 351 } | 409 } |
| 352 | 410 |
| 353 void URLRequestJob::NotifyCertificateRequested( | 411 void URLRequestJob::NotifyCertificateRequested( |
| 354 SSLCertRequestInfo* cert_request_info) { | 412 SSLCertRequestInfo* cert_request_info) { |
| 355 request_->NotifyCertificateRequested(cert_request_info); | 413 request_->NotifyCertificateRequested(cert_request_info); |
| 356 } | 414 } |
| (...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 391 // the time stamps if it has that information. The default request_time is | 449 // the time stamps if it has that information. The default request_time is |
| 392 // set by URLRequest before it calls our Start method. | 450 // set by URLRequest before it calls our Start method. |
| 393 request_->response_info_.response_time = base::Time::Now(); | 451 request_->response_info_.response_time = base::Time::Now(); |
| 394 GetResponseInfo(&request_->response_info_); | 452 GetResponseInfo(&request_->response_info_); |
| 395 | 453 |
| 396 MaybeNotifyNetworkBytes(); | 454 MaybeNotifyNetworkBytes(); |
| 397 request_->OnHeadersComplete(); | 455 request_->OnHeadersComplete(); |
| 398 | 456 |
| 399 GURL new_location; | 457 GURL new_location; |
| 400 int http_status_code; | 458 int http_status_code; |
| 459 |
| 401 if (IsRedirectResponse(&new_location, &http_status_code)) { | 460 if (IsRedirectResponse(&new_location, &http_status_code)) { |
| 402 // Redirect response bodies are not read. Notify the transaction | 461 // Redirect response bodies are not read. Notify the transaction |
| 403 // so it does not treat being stopped as an error. | 462 // so it does not treat being stopped as an error. |
| 404 DoneReadingRedirectResponse(); | 463 DoneReadingRedirectResponse(); |
| 405 | 464 |
| 406 // When notifying the URLRequest::Delegate, it can destroy the request, | 465 // When notifying the URLRequest::Delegate, it can destroy the request, |
| 407 // which will destroy |this|. After calling to the URLRequest::Delegate, | 466 // which will destroy |this|. After calling to the URLRequest::Delegate, |
| 408 // pointer must be checked to see if |this| still exists, and if not, the | 467 // pointer must be checked to see if |this| still exists, and if not, the |
| 409 // code must return immediately. | 468 // code must return immediately. |
| 410 base::WeakPtr<URLRequestJob> weak_this(weak_factory_.GetWeakPtr()); | 469 base::WeakPtr<URLRequestJob> weak_this(weak_factory_.GetWeakPtr()); |
| (...skipping 526 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 937 | 996 |
| 938 // Update the first-party URL if appropriate. | 997 // Update the first-party URL if appropriate. |
| 939 if (request_->first_party_url_policy() == | 998 if (request_->first_party_url_policy() == |
| 940 URLRequest::UPDATE_FIRST_PARTY_URL_ON_REDIRECT) { | 999 URLRequest::UPDATE_FIRST_PARTY_URL_ON_REDIRECT) { |
| 941 redirect_info.new_first_party_for_cookies = redirect_info.new_url; | 1000 redirect_info.new_first_party_for_cookies = redirect_info.new_url; |
| 942 } else { | 1001 } else { |
| 943 redirect_info.new_first_party_for_cookies = | 1002 redirect_info.new_first_party_for_cookies = |
| 944 request_->first_party_for_cookies(); | 1003 request_->first_party_for_cookies(); |
| 945 } | 1004 } |
| 946 | 1005 |
| 1006 if (request_->context()->enable_referrer_policy_header()) { |
| 1007 redirect_info.new_referrer_policy = |
| 1008 ProcessReferrerPolicyHeaderOnRedirect(request_); |
| 1009 } else { |
| 1010 redirect_info.new_referrer_policy = request_->referrer_policy(); |
| 1011 } |
| 1012 |
| 947 // Alter the referrer if redirecting cross-origin (especially HTTP->HTTPS). | 1013 // Alter the referrer if redirecting cross-origin (especially HTTP->HTTPS). |
| 948 redirect_info.new_referrer = | 1014 redirect_info.new_referrer = |
| 949 ComputeReferrerForRedirect(request_->referrer_policy(), | 1015 ComputeReferrerForRedirect(redirect_info.new_referrer_policy, |
| 950 request_->referrer(), | 1016 request_->referrer(), redirect_info.new_url) |
| 951 redirect_info.new_url).spec(); | 1017 .spec(); |
| 952 | 1018 |
| 953 std::string include_referer; | 1019 std::string include_referer; |
| 954 request_->GetResponseHeaderByName("include-referer-token-binding-id", | 1020 request_->GetResponseHeaderByName("include-referer-token-binding-id", |
| 955 &include_referer); | 1021 &include_referer); |
| 956 if (include_referer == "true" && | 1022 if (include_referer == "true" && |
| 957 request_->ssl_info().token_binding_negotiated) { | 1023 request_->ssl_info().token_binding_negotiated) { |
| 958 redirect_info.referred_token_binding_host = url.host(); | 1024 redirect_info.referred_token_binding_host = url.host(); |
| 959 } | 1025 } |
| 960 | 1026 |
| 961 return redirect_info; | 1027 return redirect_info; |
| (...skipping 16 matching lines...) Expand all Loading... |
| 978 int64_t total_sent_bytes = GetTotalSentBytes(); | 1044 int64_t total_sent_bytes = GetTotalSentBytes(); |
| 979 DCHECK_GE(total_sent_bytes, last_notified_total_sent_bytes_); | 1045 DCHECK_GE(total_sent_bytes, last_notified_total_sent_bytes_); |
| 980 if (total_sent_bytes > last_notified_total_sent_bytes_) { | 1046 if (total_sent_bytes > last_notified_total_sent_bytes_) { |
| 981 network_delegate_->NotifyNetworkBytesSent( | 1047 network_delegate_->NotifyNetworkBytesSent( |
| 982 request_, total_sent_bytes - last_notified_total_sent_bytes_); | 1048 request_, total_sent_bytes - last_notified_total_sent_bytes_); |
| 983 } | 1049 } |
| 984 last_notified_total_sent_bytes_ = total_sent_bytes; | 1050 last_notified_total_sent_bytes_ = total_sent_bytes; |
| 985 } | 1051 } |
| 986 | 1052 |
| 987 } // namespace net | 1053 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2111623003:
Reland of Apply Referrer-Policy header when following redirects (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master