Implement new referrer policies

net/url_request/url_request.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_URL_REQUEST_URL_REQUEST_H_
 #define NET_URL_REQUEST_URL_REQUEST_H_
 
 #include <stdint.h>
 
 #include <memory>
@@ skipping 78 matching lines @@
   enum ReferrerPolicy {
     // Clear the referrer header if the protocol changes from HTTPS to
     // HTTP. This is the default behavior of URLRequest.
     CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
     // A slight variant on
     // CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE: If the
     // request downgrades from HTTPS to HTTP, the referrer will be
     // cleared. If the request transitions cross-origin (but does not
     // downgrade), the referrer's granularity will be reduced (currently
     // stripped down to an origin rather than a full URL). Same-origin
     // requests will send the full referrer.

[mmenke, 2017/06/07 21:03:57]

Remove "(currently stripped down to an origin rather than a full URL)" - that
implies this is an ad hoc behavior, but now that there's a spec requiriing it,
seems like we should be less fuzzy about it.

[estark, 2017/06/08 18:42:57]

Done.

     REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN,
     // Strip the referrer down to an origin upon cross-origin navigation.
     ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN,
     // Never change the referrer.
     NEVER_CLEAR_REFERRER,
     // Strip the referrer down to the origin regardless of the redirect
     // location.
     ORIGIN,
+    // Clear the referrer on cross-origin redirect locations.
+    CLEAR_REFERRER_ON_TRANSITION_CROSS_ORIGIN,
+    // Strip the referrer down to the origin, but clear it entirely if the
+    // protocol changes from HTTPS to HTTP.
+    ORIGIN_CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE,

[mmenke, 2017/06/07 21:03:57]

These names aren't accurate - not sure if there's a way to be clearer without
making them take up 5 lines each, but it's not the transition that makes us
clear the referrer, but rather having a secure referrer and an insecure page. 
Could update the descriptions, at least.

i.e., if https://secure/ requests http://foo.com/ with policy ORIGIN,
http://foo.com/ sees the referrer, but if foo.com then changes the policy with
"strict-origin" and redirects to http://bar.com/, bar.com does not see the
referrer, even though it's not a secure to insecure transition.

There are also lots of other fun cases (secure->insecure->secure and then set a
policy that only keeps referrer on secure sites won't retroactively remove the
referrer, for instance).

[estark, 2017/06/08 18:42:57]

Updated the comments. I think it would also help to name these values to match
the spec, but perhaps that can be for a different CL.

     // Always clear the referrer regardless of the redirect location.
     NO_REFERRER,
     MAX_REFERRER_POLICY
   };
 
   // First-party URL redirect policy: During server redirects, the first-party
   // URL for cookies normally doesn't change. However, if the request is a
   // top-level first-party request, the first-party URL should be updated to the
   // URL on every redirect.
   enum FirstPartyURLPolicy {
@@ skipping 743 matching lines @@
   const NetworkTrafficAnnotationTag traffic_annotation_;
 
   THREAD_CHECKER(thread_checker_);
 
   DISALLOW_COPY_AND_ASSIGN(URLRequest);
 };
 
 }  // namespace net
 
 #endif  // NET_URL_REQUEST_URL_REQUEST_H_