OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/url_request/url_request_job.h" | 5 #include "net/url_request/url_request_job.h" |
6 | 6 |
7 #include <utility> | 7 #include <utility> |
8 | 8 |
9 #include "base/bind.h" | 9 #include "base/bind.h" |
10 #include "base/callback_helpers.h" | 10 #include "base/callback_helpers.h" |
(...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
80 | 80 |
81 std::string referrer_policy_header; | 81 std::string referrer_policy_header; |
82 request->GetResponseHeaderByName("Referrer-Policy", &referrer_policy_header); | 82 request->GetResponseHeaderByName("Referrer-Policy", &referrer_policy_header); |
83 std::vector<std::string> policy_tokens = | 83 std::vector<std::string> policy_tokens = |
84 base::SplitString(referrer_policy_header, ",", base::TRIM_WHITESPACE, | 84 base::SplitString(referrer_policy_header, ",", base::TRIM_WHITESPACE, |
85 base::SPLIT_WANT_NONEMPTY); | 85 base::SPLIT_WANT_NONEMPTY); |
86 | 86 |
87 UMA_HISTOGRAM_BOOLEAN("Net.URLRequest.ReferrerPolicyHeaderPresentOnRedirect", | 87 UMA_HISTOGRAM_BOOLEAN("Net.URLRequest.ReferrerPolicyHeaderPresentOnRedirect", |
88 !policy_tokens.empty()); | 88 !policy_tokens.empty()); |
89 | 89 |
| 90 // Per https://w3c.github.io/webappsec-referrer-policy/#unknown-policy-values, |
| 91 // use the last recognized policy value, and ignore unknown policies. |
90 for (const auto& token : policy_tokens) { | 92 for (const auto& token : policy_tokens) { |
91 if (base::CompareCaseInsensitiveASCII(token, "no-referrer") == 0) { | 93 if (base::CompareCaseInsensitiveASCII(token, "no-referrer") == 0) { |
92 new_policy = URLRequest::NO_REFERRER; | 94 new_policy = URLRequest::NO_REFERRER; |
93 continue; | 95 continue; |
94 } | 96 } |
95 | 97 |
96 if (base::CompareCaseInsensitiveASCII(token, | 98 if (base::CompareCaseInsensitiveASCII(token, |
97 "no-referrer-when-downgrade") == 0) { | 99 "no-referrer-when-downgrade") == 0) { |
98 new_policy = | 100 new_policy = |
99 URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE; | 101 URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE; |
100 continue; | 102 continue; |
101 } | 103 } |
102 | 104 |
103 if (base::CompareCaseInsensitiveASCII(token, "origin") == 0) { | 105 if (base::CompareCaseInsensitiveASCII(token, "origin") == 0) { |
104 new_policy = URLRequest::ORIGIN; | 106 new_policy = URLRequest::ORIGIN; |
105 continue; | 107 continue; |
106 } | 108 } |
107 | 109 |
108 if (base::CompareCaseInsensitiveASCII(token, "origin-when-cross-origin") == | 110 if (base::CompareCaseInsensitiveASCII(token, "origin-when-cross-origin") == |
109 0) { | 111 0) { |
110 new_policy = URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN; | 112 new_policy = URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN; |
111 continue; | 113 continue; |
112 } | 114 } |
113 | 115 |
114 if (base::CompareCaseInsensitiveASCII(token, "unsafe-url") == 0) { | 116 if (base::CompareCaseInsensitiveASCII(token, "unsafe-url") == 0) { |
115 new_policy = URLRequest::NEVER_CLEAR_REFERRER; | 117 new_policy = URLRequest::NEVER_CLEAR_REFERRER; |
116 continue; | 118 continue; |
117 } | 119 } |
| 120 |
| 121 if (base::CompareCaseInsensitiveASCII(token, "same-origin") == 0) { |
| 122 new_policy = URLRequest::CLEAR_REFERRER_ON_TRANSITION_CROSS_ORIGIN; |
| 123 continue; |
| 124 } |
| 125 |
| 126 if (base::CompareCaseInsensitiveASCII(token, "strict-origin") == 0) { |
| 127 new_policy = |
| 128 URLRequest::ORIGIN_CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE; |
| 129 continue; |
| 130 } |
| 131 |
| 132 if (base::CompareCaseInsensitiveASCII( |
| 133 token, "strict-origin-when-cross-origin") == 0) { |
| 134 new_policy = |
| 135 URLRequest::REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN; |
| 136 continue; |
| 137 } |
118 } | 138 } |
119 return new_policy; | 139 return new_policy; |
120 } | 140 } |
121 | 141 |
122 } // namespace | 142 } // namespace |
123 | 143 |
124 // Each SourceStreams own the previous SourceStream in the chain, but the | 144 // Each SourceStreams own the previous SourceStream in the chain, but the |
125 // ultimate source is URLRequestJob, which has other ownership semantics, so | 145 // ultimate source is URLRequestJob, which has other ownership semantics, so |
126 // this class is a proxy for URLRequestJob that is owned by the first stream | 146 // this class is a proxy for URLRequestJob that is owned by the first stream |
127 // (in dataflow order). | 147 // (in dataflow order). |
(...skipping 227 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
355 } | 375 } |
356 | 376 |
357 void URLRequestJob::NotifyURLRequestDestroyed() { | 377 void URLRequestJob::NotifyURLRequestDestroyed() { |
358 } | 378 } |
359 | 379 |
360 void URLRequestJob::GetConnectionAttempts(ConnectionAttempts* out) const { | 380 void URLRequestJob::GetConnectionAttempts(ConnectionAttempts* out) const { |
361 out->clear(); | 381 out->clear(); |
362 } | 382 } |
363 | 383 |
364 // static | 384 // static |
365 GURL URLRequestJob::ComputeReferrerForRedirect( | 385 GURL URLRequestJob::ComputeReferrerForPolicy(URLRequest::ReferrerPolicy policy, |
366 URLRequest::ReferrerPolicy policy, | 386 const GURL& original_referrer, |
367 const GURL& original_referrer, | 387 const GURL& destination) { |
368 const GURL& redirect_destination) { | |
369 bool secure_referrer_but_insecure_destination = | 388 bool secure_referrer_but_insecure_destination = |
370 original_referrer.SchemeIsCryptographic() && | 389 original_referrer.SchemeIsCryptographic() && |
371 !redirect_destination.SchemeIsCryptographic(); | 390 !destination.SchemeIsCryptographic(); |
372 url::Origin referrer_origin(original_referrer); | 391 url::Origin referrer_origin(original_referrer); |
373 bool same_origin = | 392 bool same_origin = referrer_origin.IsSameOriginWith(url::Origin(destination)); |
374 referrer_origin.IsSameOriginWith(url::Origin(redirect_destination)); | |
375 switch (policy) { | 393 switch (policy) { |
376 case URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE: | 394 case URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE: |
377 return secure_referrer_but_insecure_destination ? GURL() | 395 return secure_referrer_but_insecure_destination ? GURL() |
378 : original_referrer; | 396 : original_referrer; |
379 | 397 |
380 case URLRequest::REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN: | 398 case URLRequest::REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN: |
381 if (same_origin) { | 399 if (same_origin) { |
382 return original_referrer; | 400 return original_referrer; |
383 } else if (secure_referrer_but_insecure_destination) { | 401 } else if (secure_referrer_but_insecure_destination) { |
384 return GURL(); | 402 return GURL(); |
385 } else { | 403 } else { |
386 return referrer_origin.GetURL(); | 404 return referrer_origin.GetURL(); |
387 } | 405 } |
388 | 406 |
389 case URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN: | 407 case URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN: |
390 return same_origin ? original_referrer : referrer_origin.GetURL(); | 408 return same_origin ? original_referrer : referrer_origin.GetURL(); |
391 | 409 |
392 case URLRequest::NEVER_CLEAR_REFERRER: | 410 case URLRequest::NEVER_CLEAR_REFERRER: |
393 return original_referrer; | 411 return original_referrer; |
394 case URLRequest::ORIGIN: | 412 case URLRequest::ORIGIN: |
395 return referrer_origin.GetURL(); | 413 return referrer_origin.GetURL(); |
| 414 case URLRequest::CLEAR_REFERRER_ON_TRANSITION_CROSS_ORIGIN: |
| 415 if (same_origin) |
| 416 return original_referrer; |
| 417 return GURL(); |
| 418 case URLRequest::ORIGIN_CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE: |
| 419 if (secure_referrer_but_insecure_destination) |
| 420 return GURL(); |
| 421 return referrer_origin.GetURL(); |
396 case URLRequest::NO_REFERRER: | 422 case URLRequest::NO_REFERRER: |
397 return GURL(); | 423 return GURL(); |
398 case URLRequest::MAX_REFERRER_POLICY: | 424 case URLRequest::MAX_REFERRER_POLICY: |
399 NOTREACHED(); | 425 NOTREACHED(); |
400 return GURL(); | 426 return GURL(); |
401 } | 427 } |
402 | 428 |
403 NOTREACHED(); | 429 NOTREACHED(); |
404 return GURL(); | 430 return GURL(); |
405 } | 431 } |
(...skipping 426 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
832 } else { | 858 } else { |
833 redirect_info.new_first_party_for_cookies = | 859 redirect_info.new_first_party_for_cookies = |
834 request_->first_party_for_cookies(); | 860 request_->first_party_for_cookies(); |
835 } | 861 } |
836 | 862 |
837 redirect_info.new_referrer_policy = | 863 redirect_info.new_referrer_policy = |
838 ProcessReferrerPolicyHeaderOnRedirect(request_); | 864 ProcessReferrerPolicyHeaderOnRedirect(request_); |
839 | 865 |
840 // Alter the referrer if redirecting cross-origin (especially HTTP->HTTPS). | 866 // Alter the referrer if redirecting cross-origin (especially HTTP->HTTPS). |
841 redirect_info.new_referrer = | 867 redirect_info.new_referrer = |
842 ComputeReferrerForRedirect(redirect_info.new_referrer_policy, | 868 ComputeReferrerForPolicy(redirect_info.new_referrer_policy, |
843 GURL(request_->referrer()), | 869 GURL(request_->referrer()), |
844 redirect_info.new_url) | 870 redirect_info.new_url) |
845 .spec(); | 871 .spec(); |
846 | 872 |
847 std::string include_referer; | 873 std::string include_referer; |
848 request_->GetResponseHeaderByName("include-referred-token-binding-id", | 874 request_->GetResponseHeaderByName("include-referred-token-binding-id", |
849 &include_referer); | 875 &include_referer); |
850 include_referer = base::ToLowerASCII(include_referer); | 876 include_referer = base::ToLowerASCII(include_referer); |
851 if (include_referer == "true" && | 877 if (include_referer == "true" && |
852 request_->ssl_info().token_binding_negotiated) { | 878 request_->ssl_info().token_binding_negotiated) { |
853 redirect_info.referred_token_binding_host = url.host(); | 879 redirect_info.referred_token_binding_host = url.host(); |
854 } | 880 } |
(...skipping 18 matching lines...) Expand all Loading... |
873 int64_t total_sent_bytes = GetTotalSentBytes(); | 899 int64_t total_sent_bytes = GetTotalSentBytes(); |
874 DCHECK_GE(total_sent_bytes, last_notified_total_sent_bytes_); | 900 DCHECK_GE(total_sent_bytes, last_notified_total_sent_bytes_); |
875 if (total_sent_bytes > last_notified_total_sent_bytes_) { | 901 if (total_sent_bytes > last_notified_total_sent_bytes_) { |
876 network_delegate_->NotifyNetworkBytesSent( | 902 network_delegate_->NotifyNetworkBytesSent( |
877 request_, total_sent_bytes - last_notified_total_sent_bytes_); | 903 request_, total_sent_bytes - last_notified_total_sent_bytes_); |
878 } | 904 } |
879 last_notified_total_sent_bytes_ = total_sent_bytes; | 905 last_notified_total_sent_bytes_ = total_sent_bytes; |
880 } | 906 } |
881 | 907 |
882 } // namespace net | 908 } // namespace net |
OLD | NEW |