Index: net/url_request/url_request_job.cc |
diff --git a/net/url_request/url_request_job.cc b/net/url_request/url_request_job.cc |
index 8b5c00211f4dd48dcc0556969ef9738b398aaabe..58425180279fa96e55cf2c17ab9a48a4b40e0b2f 100644 |
--- a/net/url_request/url_request_job.cc |
+++ b/net/url_request/url_request_job.cc |
@@ -115,6 +115,24 @@ URLRequest::ReferrerPolicy ProcessReferrerPolicyHeaderOnRedirect( |
new_policy = URLRequest::NEVER_CLEAR_REFERRER; |
continue; |
} |
+ |
+ if (base::CompareCaseInsensitiveASCII(token, "same-origin") == 0) { |
+ new_policy = URLRequest::CLEAR_REFERRER_ON_TRANSITION_CROSS_ORIGIN; |
mmenke
2017/06/07 21:03:58
Hrm...Wonder if it's better to have clearer policy
estark
2017/06/08 18:42:58
Agree, I think it would be better to match the tok
|
+ continue; |
+ } |
+ |
+ if (base::CompareCaseInsensitiveASCII(token, "strict-origin") == 0) { |
+ new_policy = |
+ URLRequest::ORIGIN_CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE; |
+ continue; |
+ } |
+ |
+ if (base::CompareCaseInsensitiveASCII( |
+ token, "strict-origin-when-cross-origin") == 0) { |
+ new_policy = |
+ URLRequest::REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN; |
+ continue; |
+ } |
} |
return new_policy; |
} |
@@ -393,6 +411,14 @@ GURL URLRequestJob::ComputeReferrerForRedirect( |
return original_referrer; |
case URLRequest::ORIGIN: |
return referrer_origin.GetURL(); |
+ case URLRequest::CLEAR_REFERRER_ON_TRANSITION_CROSS_ORIGIN: |
+ if (same_origin) |
+ return original_referrer; |
+ return GURL(); |
+ case URLRequest::ORIGIN_CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE: |
+ if (secure_referrer_but_insecure_destination) |
+ return GURL(); |
+ return referrer_origin.GetURL(); |
case URLRequest::NO_REFERRER: |
return GURL(); |
case URLRequest::MAX_REFERRER_POLICY: |