Index: Source/platform/weborigin/SecurityPolicy.cpp |
diff --git a/Source/platform/weborigin/SecurityPolicy.cpp b/Source/platform/weborigin/SecurityPolicy.cpp |
index 92101a7207be0db1202144c443b14e5f3bb0a13e..631b1bbdcf78f064f97bda8f079a3e6772de8a4a 100644 |
--- a/Source/platform/weborigin/SecurityPolicy.cpp |
+++ b/Source/platform/weborigin/SecurityPolicy.cpp |
@@ -29,6 +29,7 @@ |
#include "config.h" |
#include "platform/weborigin/SecurityPolicy.h" |
+#include "platform/RuntimeEnabledFeatures.h" |
#include "platform/weborigin/KURL.h" |
#include "platform/weborigin/OriginAccessEntry.h" |
#include "platform/weborigin/SecurityOrigin.h" |
@@ -86,7 +87,18 @@ Referrer SecurityPolicy::generateReferrer(ReferrerPolicy referrerPolicy, const K |
// to turn it into a canonical URL we can use as referrer. |
return Referrer(origin + "/", referrerPolicy); |
} |
- case ReferrerPolicyDefault: |
+ case ReferrerPolicyDefault: { |
+ // If the flag is enabled, and we're dealing with a cross-origin request, strip it. |
+ // Otherwise fallthrough to NoReferrerWhenDowngrade behavior. |
+ RefPtr<SecurityOrigin> referrerOrigin = SecurityOrigin::createFromString(referrer); |
+ RefPtr<SecurityOrigin> urlOrigin = SecurityOrigin::create(url); |
+ if (RuntimeEnabledFeatures::reducedReferrerGranularityEnabled() && !urlOrigin->isSameSchemeHostPort(referrerOrigin.get())) { |
+ String origin = referrerOrigin->toString(); |
+ if (origin == "null") |
+ return Referrer(String(), referrerPolicy); |
+ return Referrer(shouldHideReferrer(url, referrer) ? String() : origin + "/", referrerPolicy); |
jochen (gone - plz use gerrit)
2014/11/10 14:53:19
why not NoReferrerWhenDowngrade instead of referre
Mike West
2014/11/10 15:13:45
Because that would break the eventual redirect pro
|
+ } |
+ } |
case ReferrerPolicyNoReferrerWhenDowngrade: |
break; |
} |
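Review bot: In the `ReferrerPolicyDefault` case both `SecurityOrigin` objects are built before `RuntimeEnabledFeatures::reducedReferrerGranularityEnabled()` is consulted, so every default-policy request pays for two origin parses even when the flag is off. Testing the flag first, with an outer `if (RuntimeEnabledFeatures::reducedReferrerGranularityEnabled()) {` around the two `RefPtr` lines and the origin comparison, would keep the disabled path identical to the old code. The comment's "strip it" is also ambiguous about the privacy behaviour: the branch reduces a cross-origin referrer to its origin and sends nothing only when the origin serialises to `"null"` or `shouldHideReferrer(url, referrer)` is true. A comment such as `// Flag on + cross-origin: send only the referrer's origin (nothing for "null" origins or when shouldHideReferrer() says so); same-origin falls through.` would state that precisely. The enclosing switch and the rest of `generateReferrer` start outside this hunk, so whether `referrer` can be empty here could not be checked.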