Do not copy reference fragments for overridden redirects.

net/url_request/url_request_http_job.cc

Index: net/url_request/url_request_http_job.cc
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
index 41b15158d5728f0022466d97b8991e4b4de8b755..c98944b74256499b381c87d08a92e56623c47830 100644
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -1034,6 +1034,17 @@ Filter* URLRequestHttpJob::SetupFilter() const {
       ? Filter::Factory(encoding_types, *filter_context_) : NULL;
 }
 
+bool URLRequestHttpJob::IsRedirectFragmentModificationAllowed(
+    const GURL& location) {
+  // Allow modification of reference fragments by default, unless
+  // |allowed_unsafe_redirect_url_| is set and equal to the redirect URL.
+  // When this is the case, we assume that the network delegate has set the
+  // desired redirect URL (with or without fragment), so it must not be changed
+  // any more.
+  return !allowed_unsafe_redirect_url_.is_valid() ||
+       allowed_unsafe_redirect_url_ != location;

[mmenke, 2014/03/31 20:45:49]

The NetworkDelegate description should include this behavior.

[mmenke, 2014/03/31 20:45:49]

Hrm...I can't think of a reasonable name that implies this behavior as well as
the unsafe behavior...  allowed_unsafe_redirect_url_with_fragment_ works, but I
think it's going a bit overboard.  Open to suggestions.  If you don't have one,
keeping this name is fine.

[robwu, 2014/04/01 16:09:33]

Done.

[robwu, 2014/04/01 16:09:33]

|redirect_url_suggested_by_network_delegate_| as member name and
|suggested_redirect_url| as parameter in delegates.
WDYT?

+}
+
 bool URLRequestHttpJob::IsSafeRedirect(const GURL& location) {
   // HTTP is always safe.
   // TODO(pauljensen): Remove once crbug.com/146591 is fixed.
@@ -1041,14 +1052,9 @@ bool URLRequestHttpJob::IsSafeRedirect(const GURL& location) {
       (location.scheme() == "http" || location.scheme() == "https")) {
     return true;
   }
-  // Delegates may mark an URL as safe for redirection.
+  // Delegates may mark a URL as safe for redirection.
   if (allowed_unsafe_redirect_url_.is_valid()) {
-    GURL::Replacements replacements;
-    replacements.ClearRef();
-    if (allowed_unsafe_redirect_url_.ReplaceComponents(replacements) ==
-        location.ReplaceComponents(replacements)) {
-      return true;
-    }
+    return allowed_unsafe_redirect_url_ == location;

[mmenke, 2014/03/31 20:45:49]

Think this should be:

if (allowed_unsafe_redirect_url_.is_valid() &&
    allowed_unsafe_redirect_url_ == location) {
  return true;
}

(i.e. if two external objects are fighting over the redirect, and the winning
one is not the one that set allowed_unsafe_redirect_url_, use normal logic here)

[robwu, 2014/04/01 16:09:33]

Done.

   }
   // Query URLRequestJobFactory as to whether |location| would be safe to
   // redirect to.