| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/url_request/url_request_job.h" | 5 #include "net/url_request/url_request_job.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/callback_helpers.h" | 10 #include "base/callback_helpers.h" |
| (...skipping 69 matching lines...) |
| 80 | 80 |
| 81 std::string referrer_policy_header; | 81 std::string referrer_policy_header; |
| 82 request->GetResponseHeaderByName("Referrer-Policy", &referrer_policy_header); | 82 request->GetResponseHeaderByName("Referrer-Policy", &referrer_policy_header); |
| 83 std::vector<std::string> policy_tokens = | 83 std::vector<std::string> policy_tokens = |
| 84 base::SplitString(referrer_policy_header, ",", base::TRIM_WHITESPACE, | 84 base::SplitString(referrer_policy_header, ",", base::TRIM_WHITESPACE, |
| 85 base::SPLIT_WANT_NONEMPTY); | 85 base::SPLIT_WANT_NONEMPTY); |
| 86 | 86 |
| 87 UMA_HISTOGRAM_BOOLEAN("Net.URLRequest.ReferrerPolicyHeaderPresentOnRedirect", | 87 UMA_HISTOGRAM_BOOLEAN("Net.URLRequest.ReferrerPolicyHeaderPresentOnRedirect", |
| 88 !policy_tokens.empty()); | 88 !policy_tokens.empty()); |
| 89 | 89 |
| 90 // Per https://w3c.github.io/webappsec-referrer-policy/#unknown-policy-values, |
| 91 // use the last recognized policy value, and ignore unknown policies. |
| 90 for (const auto& token : policy_tokens) { | 92 for (const auto& token : policy_tokens) { |
| 91 if (base::CompareCaseInsensitiveASCII(token, "no-referrer") == 0) { | 93 if (base::CompareCaseInsensitiveASCII(token, "no-referrer") == 0) { |
| 92 new_policy = URLRequest::NO_REFERRER; | 94 new_policy = URLRequest::NO_REFERRER; |
| 93 continue; | 95 continue; |
| 94 } | 96 } |
| 95 | 97 |
| 96 if (base::CompareCaseInsensitiveASCII(token, | 98 if (base::CompareCaseInsensitiveASCII(token, |
| 97 "no-referrer-when-downgrade") == 0) { | 99 "no-referrer-when-downgrade") == 0) { |
| 98 new_policy = | 100 new_policy = |
| 99 URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE; | 101 URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE; |
| 100 continue; | 102 continue; |
| 101 } | 103 } |
| 102 | 104 |
| 103 if (base::CompareCaseInsensitiveASCII(token, "origin") == 0) { | 105 if (base::CompareCaseInsensitiveASCII(token, "origin") == 0) { |
| 104 new_policy = URLRequest::ORIGIN; | 106 new_policy = URLRequest::ORIGIN; |
| 105 continue; | 107 continue; |
| 106 } | 108 } |
| 107 | 109 |
| 108 if (base::CompareCaseInsensitiveASCII(token, "origin-when-cross-origin") == | 110 if (base::CompareCaseInsensitiveASCII(token, "origin-when-cross-origin") == |
| 109 0) { | 111 0) { |
| 110 new_policy = URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN; | 112 new_policy = URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN; |
| 111 continue; | 113 continue; |
| 112 } | 114 } |
| 113 | 115 |
| 114 if (base::CompareCaseInsensitiveASCII(token, "unsafe-url") == 0) { | 116 if (base::CompareCaseInsensitiveASCII(token, "unsafe-url") == 0) { |
| 115 new_policy = URLRequest::NEVER_CLEAR_REFERRER; | 117 new_policy = URLRequest::NEVER_CLEAR_REFERRER; |
| 116 continue; | 118 continue; |
| 117 } | 119 } |
| 120 |
| 121 if (base::CompareCaseInsensitiveASCII(token, "same-origin") == 0) { |
| 122 new_policy = URLRequest::CLEAR_REFERRER_ON_TRANSITION_CROSS_ORIGIN; |
| 123 continue; |
| 124 } |
| 125 |
| 126 if (base::CompareCaseInsensitiveASCII(token, "strict-origin") == 0) { |
| 127 new_policy = |
| 128 URLRequest::ORIGIN_CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE; |
| 129 continue; |
| 130 } |
| 131 |
| 132 if (base::CompareCaseInsensitiveASCII( |
| 133 token, "strict-origin-when-cross-origin") == 0) { |
| 134 new_policy = |
| 135 URLRequest::REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN; |
| 136 continue; |
| 137 } |
| 118 } | 138 } |
| 119 return new_policy; | 139 return new_policy; |
| 120 } | 140 } |
| 121 | 141 |
| 122 } // namespace | 142 } // namespace |
| 123 | 143 |
| 124 // Each SourceStreams own the previous SourceStream in the chain, but the | 144 // Each SourceStreams own the previous SourceStream in the chain, but the |
| 125 // ultimate source is URLRequestJob, which has other ownership semantics, so | 145 // ultimate source is URLRequestJob, which has other ownership semantics, so |
| 126 // this class is a proxy for URLRequestJob that is owned by the first stream | 146 // this class is a proxy for URLRequestJob that is owned by the first stream |
| 127 // (in dataflow order). | 147 // (in dataflow order). |
| (...skipping 227 matching lines...) |
| 355 } | 375 } |
| 356 | 376 |
| 357 void URLRequestJob::NotifyURLRequestDestroyed() { | 377 void URLRequestJob::NotifyURLRequestDestroyed() { |
| 358 } | 378 } |
| 359 | 379 |
| 360 void URLRequestJob::GetConnectionAttempts(ConnectionAttempts* out) const { | 380 void URLRequestJob::GetConnectionAttempts(ConnectionAttempts* out) const { |
| 361 out->clear(); | 381 out->clear(); |
| 362 } | 382 } |
| 363 | 383 |
| 364 // static | 384 // static |
| 365 GURL URLRequestJob::ComputeReferrerForRedirect( | 385 GURL URLRequestJob::ComputeReferrerForPolicy(URLRequest::ReferrerPolicy policy, |
| 366 URLRequest::ReferrerPolicy policy, | 386 const GURL& original_referrer, |
| 367 const GURL& original_referrer, | 387 const GURL& destination) { |
| 368 const GURL& redirect_destination) { | |
| 369 bool secure_referrer_but_insecure_destination = | 388 bool secure_referrer_but_insecure_destination = |
| 370 original_referrer.SchemeIsCryptographic() && | 389 original_referrer.SchemeIsCryptographic() && |
| 371 !redirect_destination.SchemeIsCryptographic(); | 390 !destination.SchemeIsCryptographic(); |
| 372 url::Origin referrer_origin(original_referrer); | 391 url::Origin referrer_origin(original_referrer); |
| 373 bool same_origin = | 392 bool same_origin = referrer_origin.IsSameOriginWith(url::Origin(destination)); |
| 374 referrer_origin.IsSameOriginWith(url::Origin(redirect_destination)); | |
| 375 switch (policy) { | 393 switch (policy) { |
| 376 case URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE: | 394 case URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE: |
| 377 return secure_referrer_but_insecure_destination ? GURL() | 395 return secure_referrer_but_insecure_destination ? GURL() |
| 378 : original_referrer; | 396 : original_referrer; |
| 379 | 397 |
| 380 case URLRequest::REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN: | 398 case URLRequest::REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN: |
| 381 if (same_origin) { | 399 if (same_origin) { |
| 382 return original_referrer; | 400 return original_referrer; |
| 383 } else if (secure_referrer_but_insecure_destination) { | 401 } else if (secure_referrer_but_insecure_destination) { |
| 384 return GURL(); | 402 return GURL(); |
| 385 } else { | 403 } else { |
| 386 return referrer_origin.GetURL(); | 404 return referrer_origin.GetURL(); |
| 387 } | 405 } |
| 388 | 406 |
| 389 case URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN: | 407 case URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN: |
| 390 return same_origin ? original_referrer : referrer_origin.GetURL(); | 408 return same_origin ? original_referrer : referrer_origin.GetURL(); |
| 391 | 409 |
| 392 case URLRequest::NEVER_CLEAR_REFERRER: | 410 case URLRequest::NEVER_CLEAR_REFERRER: |
| 393 return original_referrer; | 411 return original_referrer; |
| 394 case URLRequest::ORIGIN: | 412 case URLRequest::ORIGIN: |
| 395 return referrer_origin.GetURL(); | 413 return referrer_origin.GetURL(); |
| 414 case URLRequest::CLEAR_REFERRER_ON_TRANSITION_CROSS_ORIGIN: |
| 415 if (same_origin) |
| 416 return original_referrer; |
| 417 return GURL(); |
| 418 case URLRequest::ORIGIN_CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE: |
| 419 if (secure_referrer_but_insecure_destination) |
| 420 return GURL(); |
| 421 return referrer_origin.GetURL(); |
| 396 case URLRequest::NO_REFERRER: | 422 case URLRequest::NO_REFERRER: |
| 397 return GURL(); | 423 return GURL(); |
| 398 case URLRequest::MAX_REFERRER_POLICY: | 424 case URLRequest::MAX_REFERRER_POLICY: |
| 399 NOTREACHED(); | 425 NOTREACHED(); |
| 400 return GURL(); | 426 return GURL(); |
| 401 } | 427 } |
| 402 | 428 |
| 403 NOTREACHED(); | 429 NOTREACHED(); |
| 404 return GURL(); | 430 return GURL(); |
| 405 } | 431 } |
| (...skipping 426 matching lines...) |
| 832 } else { | 858 } else { |
| 833 redirect_info.new_first_party_for_cookies = | 859 redirect_info.new_first_party_for_cookies = |
| 834 request_->first_party_for_cookies(); | 860 request_->first_party_for_cookies(); |
| 835 } | 861 } |
| 836 | 862 |
| 837 redirect_info.new_referrer_policy = | 863 redirect_info.new_referrer_policy = |
| 838 ProcessReferrerPolicyHeaderOnRedirect(request_); | 864 ProcessReferrerPolicyHeaderOnRedirect(request_); |
| 839 | 865 |
| 840 // Alter the referrer if redirecting cross-origin (especially HTTP->HTTPS). | 866 // Alter the referrer if redirecting cross-origin (especially HTTP->HTTPS). |
| 841 redirect_info.new_referrer = | 867 redirect_info.new_referrer = |
| 842 ComputeReferrerForRedirect(redirect_info.new_referrer_policy, | 868 ComputeReferrerForPolicy(redirect_info.new_referrer_policy, |
| 843 GURL(request_->referrer()), | 869 GURL(request_->referrer()), |
| 844 redirect_info.new_url) | 870 redirect_info.new_url) |
| 845 .spec(); | 871 .spec(); |
| 846 | 872 |
| 847 std::string include_referer; | 873 std::string include_referer; |
| 848 request_->GetResponseHeaderByName("include-referred-token-binding-id", | 874 request_->GetResponseHeaderByName("include-referred-token-binding-id", |
| 849 &include_referer); | 875 &include_referer); |
| 850 include_referer = base::ToLowerASCII(include_referer); | 876 include_referer = base::ToLowerASCII(include_referer); |
| 851 if (include_referer == "true" && | 877 if (include_referer == "true" && |
| 852 request_->ssl_info().token_binding_negotiated) { | 878 request_->ssl_info().token_binding_negotiated) { |
| 853 redirect_info.referred_token_binding_host = url.host(); | 879 redirect_info.referred_token_binding_host = url.host(); |
| 854 } | 880 } |
| (...skipping 18 matching lines...) |
| 873 int64_t total_sent_bytes = GetTotalSentBytes(); | 899 int64_t total_sent_bytes = GetTotalSentBytes(); |
| 874 DCHECK_GE(total_sent_bytes, last_notified_total_sent_bytes_); | 900 DCHECK_GE(total_sent_bytes, last_notified_total_sent_bytes_); |
| 875 if (total_sent_bytes > last_notified_total_sent_bytes_) { | 901 if (total_sent_bytes > last_notified_total_sent_bytes_) { |
| 876 network_delegate_->NotifyNetworkBytesSent( | 902 network_delegate_->NotifyNetworkBytesSent( |
| 877 request_, total_sent_bytes - last_notified_total_sent_bytes_); | 903 request_, total_sent_bytes - last_notified_total_sent_bytes_); |
| 878 } | 904 } |
| 879 last_notified_total_sent_bytes_ = total_sent_bytes; | 905 last_notified_total_sent_bytes_ = total_sent_bytes; |
| 880 } | 906 } |
| 881 | 907 |
| 882 } // namespace net | 908 } // namespace net |
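Review bot: ComputeReferrerForPolicy has no comment saying how a downgrade is detected, and the new `ORIGIN_CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE` case now depends on it. `secure_referrer_but_insecure_destination` is a scheme-only test (`SchemeIsCryptographic()` on both URLs), which may differ from the trustworthiness wording in the Referrer Policy spec that the new parsing comment links to. Because the rename from `redirect_destination` to `destination` suggests the function is meant for more than redirects, I would add above the bool `// Downgrade is decided by URL scheme alone (SchemeIsCryptographic), not by a trustworthiness check.` The call-site comment in the redirect hunk still reads "especially HTTP->HTTPS", while the predicate clears the referrer on the opposite transition; `// Recompute the referrer for the redirect target under the new policy (e.g. cleared on HTTPS->HTTP).` would match the code. The function containing that call site starts outside the visible lines.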
| OLD | NEW |