| Index: net/url_request/url_request_job.cc
|
| diff --git a/net/url_request/url_request_job.cc b/net/url_request/url_request_job.cc
|
| index 8b5c00211f4dd48dcc0556969ef9738b398aaabe..e2082525ce6b467c6144dedf3a81d6ddd7a75902 100644
|
| --- a/net/url_request/url_request_job.cc
|
| +++ b/net/url_request/url_request_job.cc
|
| @@ -87,6 +87,8 @@ URLRequest::ReferrerPolicy ProcessReferrerPolicyHeaderOnRedirect(
|
| UMA_HISTOGRAM_BOOLEAN("Net.URLRequest.ReferrerPolicyHeaderPresentOnRedirect",
|
| !policy_tokens.empty());
|
|
|
| + // Per https://w3c.github.io/webappsec-referrer-policy/#unknown-policy-values,
|
| + // use the last recognized policy value, and ignore unknown policies.
|
| for (const auto& token : policy_tokens) {
|
| if (base::CompareCaseInsensitiveASCII(token, "no-referrer") == 0) {
|
| new_policy = URLRequest::NO_REFERRER;
|
| @@ -115,6 +117,24 @@ URLRequest::ReferrerPolicy ProcessReferrerPolicyHeaderOnRedirect(
|
| new_policy = URLRequest::NEVER_CLEAR_REFERRER;
|
| continue;
|
| }
|
| +
|
| + if (base::CompareCaseInsensitiveASCII(token, "same-origin") == 0) {
|
| + new_policy = URLRequest::CLEAR_REFERRER_ON_TRANSITION_CROSS_ORIGIN;
|
| + continue;
|
| + }
|
| +
|
| + if (base::CompareCaseInsensitiveASCII(token, "strict-origin") == 0) {
|
| + new_policy =
|
| + URLRequest::ORIGIN_CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE;
|
| + continue;
|
| + }
|
| +
|
| + if (base::CompareCaseInsensitiveASCII(
|
| + token, "strict-origin-when-cross-origin") == 0) {
|
| + new_policy =
|
| + URLRequest::REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN;
|
| + continue;
|
| + }
|
| }
|
| return new_policy;
|
| }
|
| @@ -362,16 +382,14 @@ void URLRequestJob::GetConnectionAttempts(ConnectionAttempts* out) const {
|
| }
|
|
|
| // static
|
| -GURL URLRequestJob::ComputeReferrerForRedirect(
|
| - URLRequest::ReferrerPolicy policy,
|
| - const GURL& original_referrer,
|
| - const GURL& redirect_destination) {
|
| +GURL URLRequestJob::ComputeReferrerForPolicy(URLRequest::ReferrerPolicy policy,
|
| + const GURL& original_referrer,
|
| + const GURL& destination) {
|
| bool secure_referrer_but_insecure_destination =
|
| original_referrer.SchemeIsCryptographic() &&
|
| - !redirect_destination.SchemeIsCryptographic();
|
| + !destination.SchemeIsCryptographic();
|
| url::Origin referrer_origin(original_referrer);
|
| - bool same_origin =
|
| - referrer_origin.IsSameOriginWith(url::Origin(redirect_destination));
|
| + bool same_origin = referrer_origin.IsSameOriginWith(url::Origin(destination));
|
| switch (policy) {
|
| case URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE:
|
| return secure_referrer_but_insecure_destination ? GURL()
|
| @@ -393,6 +411,14 @@ GURL URLRequestJob::ComputeReferrerForRedirect(
|
| return original_referrer;
|
| case URLRequest::ORIGIN:
|
| return referrer_origin.GetURL();
|
| + case URLRequest::CLEAR_REFERRER_ON_TRANSITION_CROSS_ORIGIN:
|
| + if (same_origin)
|
| + return original_referrer;
|
| + return GURL();
|
| + case URLRequest::ORIGIN_CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE:
|
| + if (secure_referrer_but_insecure_destination)
|
| + return GURL();
|
| + return referrer_origin.GetURL();
|
| case URLRequest::NO_REFERRER:
|
| return GURL();
|
| case URLRequest::MAX_REFERRER_POLICY:
|
| @@ -839,9 +865,9 @@ RedirectInfo URLRequestJob::ComputeRedirectInfo(const GURL& location,
|
|
|
| // Alter the referrer if redirecting cross-origin (especially HTTP->HTTPS).
|
| redirect_info.new_referrer =
|
| - ComputeReferrerForRedirect(redirect_info.new_referrer_policy,
|
| - GURL(request_->referrer()),
|
| - redirect_info.new_url)
|
| + ComputeReferrerForPolicy(redirect_info.new_referrer_policy,
|
| + GURL(request_->referrer()),
|
| + redirect_info.new_url)
|
| .spec();
|
|
|
| std::string include_referer;
|
|
|
Chromium Code Reviews
Issue 2918313002:
Implement new referrer policies (Closed)
