Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(184)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 2450533002: Apply document's referrer policy on client-initiated reload (Closed)

Created:
4 years, 1 month ago by estark
Modified:
4 years, 1 month ago
CC:
blink-reviews, chromium-reviews, gavinp+loader_chromium.org, Nate Chapin, loading-reviews_chromium.org, tyoshino+watch_chromium.org
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Apply document's referrer policy on client-initiated reload location.reload() has apparently never applied the document's referrer policy to the reload request. Before https://codereview.chromium.org/2393633006, this was never noticed, because the net stack's information about referrer policies was too coarse to trigger its sanity check that the referrer matches the referrer policy. So the request would go through fine, but with the wrong referrer (e.g. a referrer of http://example.com/foo even if the document's referrer policy was 'origin'). But https://codereview.chromium.org/2393633006 gave the net stack finer-grained information about referrer policies, so that the sanity check does catch reload requests where the referrer does not match the referrer policy. On a DCHECK build, location.reload() on a page with a referrer policy of, e.g., 'origin' hits a NOTREACHED(). On a non-DCHECK build, location.reload() flashes a net error page because the request gets cancelled. This CL fixes this by using SecurityPolicy::generateReferrer() to set the referrer on the reload request. BUG=658707 Committed: https://crrev.com/1dad47f20ed56478257aad69c35141472cff4c18 Cr-Commit-Position: refs/heads/master@{#427712}

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+40 lines, -2 lines) Patch
A third_party/WebKit/LayoutTests/http/tests/security/referrer-on-client-reload.html View 1 chunk +23 lines, -0 lines 0 comments Download
A third_party/WebKit/LayoutTests/http/tests/security/resources/post-referrer-on-reload.html View 1 chunk +14 lines, -0 lines 0 comments Download
M third_party/WebKit/Source/core/loader/FrameLoader.cpp View 1 chunk +3 lines, -2 lines 0 comments Download

Messages

Total messages: 12 (7 generated)
estark
jochen, PTAL?
4 years, 1 month ago (2016-10-24 22:04:49 UTC) #6
jochen (gone - plz use gerrit)
lgtm
4 years, 1 month ago (2016-10-26 08:23:27 UTC) #7
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2450533002/1
4 years, 1 month ago (2016-10-26 15:14:14 UTC) #9
commit-bot: I haz the power
Committed patchset #1 (id:1)
4 years, 1 month ago (2016-10-26 16:35:07 UTC) #10
commit-bot: I haz the power
4 years, 1 month ago (2016-10-26 17:12:37 UTC) #12
Message was sent while issue was closed. 
Patchset 1 (id:??) landed as
https://crrev.com/1dad47f20ed56478257aad69c35141472cff4c18
Cr-Commit-Position: refs/heads/master@{#427712}

Powered by Google App Engine
This is Rietveld 408576698