Referrer Policy: Add a flag to reduce `referer` granularity by default.

Source/platform/weborigin/SecurityPolicy.cpp

 /*
  * Copyright (C) 2011 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1.  Redistributions of source code must retain the above copyright
  *     notice, this list of conditions and the following disclaimer.
  * 2.  Redistributions in binary form must reproduce the above copyright
@@ skipping 11 matching lines @@
  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #include "config.h"
 #include "platform/weborigin/SecurityPolicy.h"
 
+#include "platform/RuntimeEnabledFeatures.h"
 #include "platform/weborigin/KURL.h"
 #include "platform/weborigin/OriginAccessEntry.h"
 #include "platform/weborigin/SecurityOrigin.h"
 #include "wtf/HashMap.h"
 #include "wtf/MainThread.h"
 #include "wtf/OwnPtr.h"
 #include "wtf/PassOwnPtr.h"
 #include "wtf/text/StringHash.h"
 
 namespace blink {
@@ skipping 37 matching lines @@
     case ReferrerPolicyAlways:
         return Referrer(referrer, referrerPolicy);
     case ReferrerPolicyOrigin: {
         String origin = SecurityOrigin::createFromString(referrer)->toString();
         if (origin == "null")
             return Referrer(String(), referrerPolicy);
         // A security origin is not a canonical URL as it lacks a path. Add /
         // to turn it into a canonical URL we can use as referrer.
         return Referrer(origin + "/", referrerPolicy);
     }
-    case ReferrerPolicyDefault:
+    case ReferrerPolicyDefault: {
+        // If the flag is enabled, and we're dealing with a cross-origin request, strip it.
+        // Otherwise fallthrough to NoReferrerWhenDowngrade behavior.
+        RefPtr<SecurityOrigin> referrerOrigin = SecurityOrigin::createFromString(referrer);
+        RefPtr<SecurityOrigin> urlOrigin = SecurityOrigin::create(url);
+        if (RuntimeEnabledFeatures::reducedReferrerGranularityEnabled() && !urlOrigin->isSameSchemeHostPort(referrerOrigin.get())) {
+            String origin = referrerOrigin->toString();
+            if (origin == "null")
+                return Referrer(String(), referrerPolicy);
+            return Referrer(shouldHideReferrer(url, referrer) ? String() : origin + "/", referrerPolicy);

[jochen (gone - plz use gerrit), 2014/11/10 14:53:19]

why not NoReferrerWhenDowngrade instead of referrerPolicy?

[jochen (gone - plz use gerrit), 2014/11/10 14:53:19]

why not NoReferrerWhenDowngrade instead of referrerPolicy?

[Mike West, 2014/11/10 15:13:45]

Because that would break the eventual redirect processing; we need to know that
we're in default mode through the lifetime of the referrer if we want to handle
navigation from 'example.com' to ('example.com' (301) -> 'notexample.com').

Does that make sense, or is there an easier way?

+        }
+    }
     case ReferrerPolicyNoReferrerWhenDowngrade:
         break;
     }
 
     return Referrer(shouldHideReferrer(url, referrer) ? String() : referrer, referrerPolicy);
 }
 
 bool SecurityPolicy::isAccessWhiteListed(const SecurityOrigin* activeOrigin, const SecurityOrigin* targetOrigin)
 {
     if (OriginAccessWhiteList* list = originAccessMap().get(activeOrigin->toString())) {
@@ skipping 51 matching lines @@
         map.remove(it);
 }
 
 void SecurityPolicy::resetOriginAccessWhitelists()
 {
     ASSERT(isMainThread());
     originAccessMap().clear();
 }
 
 } // namespace blink