Chromium Code Reviews Chromium Code Reviews
Issue 2278823004:
Stop supporting legacy keywords in Referrer-Policy header (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011 Google Inc. All rights reserved. | 2 * Copyright (C) 2011 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * | 7 * |
| 8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 51 DEFINE_STATIC_LOCAL(OriginAccessMap, originAccessMap, ()); | 51 DEFINE_STATIC_LOCAL(OriginAccessMap, originAccessMap, ()); |
| 52 return originAccessMap; | 52 return originAccessMap; |
| 53 } | 53 } |
| 54 | 54 |
| 55 static OriginSet& trustworthyOriginSet() | 55 static OriginSet& trustworthyOriginSet() |
| 56 { | 56 { |
| 57 DEFINE_STATIC_LOCAL(OriginSet, trustworthyOriginSet, ()); | 57 DEFINE_STATIC_LOCAL(OriginSet, trustworthyOriginSet, ()); |
| 58 return trustworthyOriginSet; | 58 return trustworthyOriginSet; |
| 59 } | 59 } |
| 60 | 60 |
| 61 static bool referrerPolicyFromStringImpl(const String& policy, bool supportLegac yKeywords, ReferrerPolicy* result) | |
|
jochen (gone - plz use gerrit)
2016/08/26 15:07:35
nit. please use an enum (class) instead of a bool
estark
2016/08/26 16:23:44
Done.
| |
| 62 { | |
| 63 DCHECK(!policy.isNull()); | |
| 64 | |
| 65 if (equalIgnoringCase(policy, "no-referrer") || (supportLegacyKeywords && eq ualIgnoringCase(policy, "never"))) { | |
| 66 *result = ReferrerPolicyNever; | |
| 67 return true; | |
| 68 } | |
| 69 if (equalIgnoringCase(policy, "unsafe-url") || (supportLegacyKeywords && equ alIgnoringCase(policy, "always"))) { | |
| 70 *result = ReferrerPolicyAlways; | |
| 71 return true; | |
| 72 } | |
| 73 if (equalIgnoringCase(policy, "origin")) { | |
| 74 *result = ReferrerPolicyOrigin; | |
| 75 return true; | |
| 76 } | |
| 77 if (equalIgnoringCase(policy, "origin-when-cross-origin") || (supportLegacyK eywords && equalIgnoringCase(policy, "origin-when-crossorigin"))) { | |
| 78 *result = ReferrerPolicyOriginWhenCrossOrigin; | |
| 79 return true; | |
| 80 } | |
| 81 if (equalIgnoringCase(policy, "no-referrer-when-downgrade") || (supportLegac yKeywords && equalIgnoringCase(policy, "default"))) { | |
| 82 *result = ReferrerPolicyNoReferrerWhenDowngrade; | |
| 83 return true; | |
| 84 } | |
| 85 return false; | |
| 86 } | |
| 87 | |
| 61 void SecurityPolicy::init() | 88 void SecurityPolicy::init() |
| 62 { | 89 { |
| 63 originAccessMap(); | 90 originAccessMap(); |
| 64 trustworthyOriginSet(); | 91 trustworthyOriginSet(); |
| 65 } | 92 } |
| 66 | 93 |
| 67 bool SecurityPolicy::shouldHideReferrer(const KURL& url, const String& referrer) | 94 bool SecurityPolicy::shouldHideReferrer(const KURL& url, const String& referrer) |
| 68 { | 95 { |
| 69 bool referrerIsSecureURL = protocolIs(referrer, "https"); | 96 bool referrerIsSecureURL = protocolIs(referrer, "https"); |
| 70 String scheme = KURL(KURL(), referrer).protocol(); | 97 String scheme = KURL(KURL(), referrer).protocol(); |
| (...skipping 147 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 218 } | 245 } |
| 219 | 246 |
| 220 void SecurityPolicy::resetOriginAccessWhitelists() | 247 void SecurityPolicy::resetOriginAccessWhitelists() |
| 221 { | 248 { |
| 222 ASSERT(isMainThread()); | 249 ASSERT(isMainThread()); |
| 223 originAccessMap().clear(); | 250 originAccessMap().clear(); |
| 224 } | 251 } |
| 225 | 252 |
| 226 bool SecurityPolicy::referrerPolicyFromString(const String& policy, ReferrerPoli cy* result) | 253 bool SecurityPolicy::referrerPolicyFromString(const String& policy, ReferrerPoli cy* result) |
| 227 { | 254 { |
| 228 ASSERT(!policy.isNull()); | 255 return referrerPolicyFromStringImpl(policy, false /* use legacy keywords */, result); |
| 256 } | |
| 229 | 257 |
| 230 if (equalIgnoringCase(policy, "no-referrer") || equalIgnoringCase(policy, "n ever")) { | 258 bool SecurityPolicy::referrerPolicyFromStringWithLegacyKeywords(const String& po licy, ReferrerPolicy* result) |
| 231 *result = ReferrerPolicyNever; | 259 { |
| 232 return true; | 260 return referrerPolicyFromStringImpl(policy, true /* use legacy keywords */, result); |
| 233 } | |
| 234 if (equalIgnoringCase(policy, "unsafe-url") || equalIgnoringCase(policy, "al ways")) { | |
| 235 *result = ReferrerPolicyAlways; | |
| 236 return true; | |
| 237 } | |
| 238 if (equalIgnoringCase(policy, "origin")) { | |
| 239 *result = ReferrerPolicyOrigin; | |
| 240 return true; | |
| 241 } | |
| 242 if (equalIgnoringCase(policy, "origin-when-cross-origin") || equalIgnoringCa se(policy, "origin-when-crossorigin")) { | |
| 243 *result = ReferrerPolicyOriginWhenCrossOrigin; | |
| 244 return true; | |
| 245 } | |
| 246 if (equalIgnoringCase(policy, "no-referrer-when-downgrade") || equalIgnoring Case(policy, "default")) { | |
| 247 *result = ReferrerPolicyNoReferrerWhenDowngrade; | |
| 248 return true; | |
| 249 } | |
| 250 return false; | |
| 251 } | 261 } |
| 252 | 262 |
| 253 } // namespace blink | 263 } // namespace blink |
| OLD | NEW |
