Add ReferrerPolicy support to preload

third_party/WebKit/Source/core/loader/LinkLoader.cpp

 /*
  * Copyright (C) 2011 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 249 matching lines @@
 
 static Resource* preloadIfNeeded(const LinkRelAttribute& relAttribute,
                                  const KURL& href,
                                  Document& document,
                                  const String& as,
                                  const String& mimeType,
                                  const String& media,
                                  CrossOriginAttributeValue crossOrigin,
                                  LinkCaller caller,
                                  bool& errorOccurred,
-                                 ViewportDescription* viewportDescription) {
+                                 ViewportDescription* viewportDescription,
+                                 ReferrerPolicy referrerPolicy) {
   if (!document.loader() || !relAttribute.isLinkPreload())
     return nullptr;
 
   UseCounter::count(document, UseCounter::LinkRelPreload);
   if (!href.isValid() || href.isEmpty()) {
     document.addConsoleMessage(ConsoleMessage::create(
         OtherMessageSource, WarningMessageLevel,
         String("<link rel=preload> has an invalid `href` value")));
     return nullptr;
   }
@@ skipping 25 matching lines @@
 
   if (!isSupportedType(resourceType, mimeType)) {
     document.addConsoleMessage(ConsoleMessage::create(
         OtherMessageSource, WarningMessageLevel,
         String("<link rel=preload> has an unsupported `type` value")));
     return nullptr;
   }
   ResourceRequest resourceRequest(document.completeURL(href));
   ResourceFetcher::determineRequestContext(resourceRequest, resourceType,
                                            false);
+
+  if (referrerPolicy != ReferrerPolicyDefault) {
+    resourceRequest.setHTTPReferrer(SecurityPolicy::generateReferrer(
+        referrerPolicy, href, document.outgoingReferrer()));
+  }
+
   FetchRequest linkRequest(resourceRequest, FetchInitiatorTypeNames::link,
                            document.encodingName());
 
   if (crossOrigin != CrossOriginAttributeNotSet)
     linkRequest.setCrossOriginAccessControl(document.getSecurityOrigin(),
                                             crossOrigin);
   Settings* settings = document.settings();
   if (settings && settings->logPreload())
     document.addConsoleMessage(ConsoleMessage::create(
         OtherMessageSource, DebugMessageLevel,
@@ skipping 35 matching lines @@
       preconnectIfNeeded(relAttribute, url, *document,
                          crossOriginAttributeValue(header.crossOrigin()),
                          networkHintsInterface, LinkCalledFromHeader);
     }
     if (canLoadResources != DoNotLoadResources) {
       bool errorOccurred = false;
       ViewportDescription* viewportDescription =
           (viewportDescriptionWrapper && viewportDescriptionWrapper->set)
               ? &(viewportDescriptionWrapper->description)
               : nullptr;
+
+      ReferrerPolicy referrerPolicy = ReferrerPolicyDefault;
+      if (!header.referrerPolicy().isNull()) {
+        SecurityPolicy::referrerPolicyFromStringWithLegacyKeywords(
+            header.referrerPolicy(), &referrerPolicy);
+      }
+
       preloadIfNeeded(relAttribute, url, *document, header.as(),
                       header.mimeType(), header.media(),
                       crossOriginAttributeValue(header.crossOrigin()),
-                      LinkCalledFromHeader, errorOccurred, viewportDescription);
+                      LinkCalledFromHeader, errorOccurred, viewportDescription,
+                      referrerPolicy);
     }
     // TODO(yoav): Add more supported headers as needed.
   }
 }
 
 bool LinkLoader::loadLink(const LinkRelAttribute& relAttribute,
                           CrossOriginAttributeValue crossOrigin,
                           const String& type,
                           const String& as,
                           const String& media,
+                          const String& referrerPolicy,
                           const KURL& href,
                           Document& document,
                           const NetworkHintsInterface& networkHintsInterface) {
   // TODO(yoav): Do all links need to load only after they're in document???
 
   // TODO(yoav): Convert all uses of the CrossOriginAttribute to CrossOriginAttributeValue. crbug.com/486689
   // FIXME(crbug.com/463266): We're ignoring type here, for everything but preload. Maybe we shouldn't.
   dnsPrefetchIfNeeded(relAttribute, href, document, networkHintsInterface,
                       LinkCalledFromMarkup);
 
   preconnectIfNeeded(relAttribute, href, document, crossOrigin,
                      networkHintsInterface, LinkCalledFromMarkup);
 
   bool errorOccurred = false;
-  if (m_client->shouldLoadLink())
+  if (m_client->shouldLoadLink()) {
     createLinkPreloadResourceClient(preloadIfNeeded(
         relAttribute, href, document, as, type, media, crossOrigin,
-        LinkCalledFromMarkup, errorOccurred, nullptr));
+        LinkCalledFromMarkup, errorOccurred, nullptr, ReferrerPolicyDefault));

[estark, 2016/10/18 04:55:54]

This should be `referrerPolicy` instead of `ReferrerPolicyDefault`, I think?
(Would one of the unit tests catch this?)

[Yoav Weiss, 2016/10/20 23:01:37]

yes and yes. (and now that the tests have an expected value, they actually do)

+  }
   if (errorOccurred)
     m_linkLoadingErrorTimer.startOneShot(0, BLINK_FROM_HERE);
 
   if (href.isEmpty() || !href.isValid())
     released();
 
   // FIXME(crbug.com/323096): Should take care of import.
   if (relAttribute.isLinkPrefetch() && href.isValid() && document.frame()) {
     if (!m_client->shouldLoadLink())
       return false;
     UseCounter::count(document, UseCounter::LinkRelPrefetch);
 
     FetchRequest linkRequest(ResourceRequest(document.completeURL(href)),

[estark, 2016/10/18 04:55:54]

Presumably we also want to set a referrer policy on this request, but I'm
thinking that you're intentionally just covering preload (not prefetch) in this
CL?

                              FetchInitiatorTypeNames::link);
     if (crossOrigin != CrossOriginAttributeNotSet)
       linkRequest.setCrossOriginAccessControl(document.getSecurityOrigin(),
                                               crossOrigin);
     setResource(LinkFetchResource::fetch(Resource::LinkPrefetch, linkRequest,
                                          document.fetcher()));
   }
 
   if (const unsigned prerenderRelTypes =
           prerenderRelTypesFromRelAttribute(relAttribute, document)) {
@@ skipping 26 matching lines @@
 
 DEFINE_TRACE(LinkLoader) {
   visitor->trace(m_client);
   visitor->trace(m_prerender);
   visitor->trace(m_linkPreloadResourceClient);
   ResourceOwner<Resource, ResourceClient>::trace(visitor);
   PrerenderClient::trace(visitor);
 }
 
 }  // namespace blink