Referrer Policy: Add new policies to URLRequest.

net/url_request/url_request_job.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/url_request/url_request_job.h"
 
 #include "base/bind.h"
 #include "base/compiler_specific.h"
 #include "base/message_loop/message_loop.h"
 #include "base/power_monitor/power_monitor.h"
@@ skipping 810 matching lines @@
     network_delegate_->NotifyRawBytesRead(*request_, bytes_read);
 }
 
 bool URLRequestJob::FilterHasData() {
     return filter_.get() && filter_->stream_data_len();
 }
 
 void URLRequestJob::UpdatePacketReadTimes() {
 }
 
+// Static.

[mmenke, 2014/11/20 16:23:45]

nit:  Think "// static" is more common (No period / not capitalized)

[Mike West, 2014/11/21 09:29:29]

Done.

+GURL URLRequestJob::ComputeReferrerForRedirect(
+    const URLRequest& request,
+    const GURL& redirect_destination) {

[mmenke, 2014/11/20 16:23:45]

Definition order should match declaration order.

[Mike West, 2014/11/21 09:29:29]

Done.

+  GURL original_referrer(request.referrer());
+  bool secure_referrer_but_insecure_destination =
+      original_referrer.SchemeIsSecure() &&
+      !redirect_destination.SchemeIsSecure();
+  bool same_origin =
+      original_referrer.GetOrigin() == redirect_destination.GetOrigin();
+  switch (request.referrer_policy()) {
+    case URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE:
+      return secure_referrer_but_insecure_destination ? GURL()
+                                                      : original_referrer;
+
+    case URLRequest::REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN:
+      if (same_origin)
+        return original_referrer;
+      else if (secure_referrer_but_insecure_destination)
+        return GURL();
+      else
+        return original_referrer.GetOrigin();

[mmenke, 2014/11/20 16:23:45]

optional:  Think using braces in else/ifs is a little more common in net/

[Mike West, 2014/11/21 09:29:29]

Done.

+
+    case URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN:
+      return same_origin ? original_referrer : original_referrer.GetOrigin();
+
+    case URLRequest::NEVER_CLEAR_REFERRER:
+      return original_referrer;
+  }
+
+  NOTREACHED();
+  return GURL();
+}
+
 RedirectInfo URLRequestJob::ComputeRedirectInfo(const GURL& location,
                                                 int http_status_code) {
   const GURL& url = request_->url();
 
   RedirectInfo redirect_info;
 
   redirect_info.status_code = http_status_code;
 
   // The request method may change, depending on the status code.
   redirect_info.new_method = URLRequest::ComputeMethodForRedirect(
@@ skipping 15 matching lines @@
 
   // Update the first-party URL if appropriate.
   if (request_->first_party_url_policy() ==
           URLRequest::UPDATE_FIRST_PARTY_URL_ON_REDIRECT) {
     redirect_info.new_first_party_for_cookies = redirect_info.new_url;
   } else {
     redirect_info.new_first_party_for_cookies =
         request_->first_party_for_cookies();
   }
 
-  // Suppress the referrer if we're redirecting out of https.
-  if (request_->referrer_policy() ==
-          URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE &&
-      GURL(request_->referrer()).SchemeIsSecure() &&
-      !redirect_info.new_url.SchemeIsSecure()) {
-    redirect_info.new_referrer.clear();
-  } else {
-    redirect_info.new_referrer = request_->referrer();
-  }
+  // Alter the referrer if we're redirecting out of https or cross-origin.

[mmenke, 2014/11/20 16:23:45]

nit:  --we're

[Mike West, 2014/11/21 09:29:29]

Done.

+  redirect_info.new_referrer =
+      ComputeReferrerForRedirect(*request_, redirect_info.new_url).spec();
 
   return redirect_info;
 }
 
 }  // namespace net