Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(321)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/url_request/url_request.cc

Issue 714813003: Referrer Policy: Add new policies to URLRequest. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Helper. Created 6 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/url_request/url_request.h ('K') | « net/url_request/url_request.h ('k') | net/url_request/url_request_job.cc » ('j') | net/url_request/url_request_job.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/url_request/url_request.h" 5 #include "net/url_request/url_request.h"
6 6
7 #include "base/bind.h" 7 #include "base/bind.h"
8 #include "base/bind_helpers.h" 8 #include "base/bind_helpers.h"
9 #include "base/callback.h" 9 #include "base/callback.h"
10 #include "base/compiler_specific.h" 10 #include "base/compiler_specific.h"
(...skipping 498 matching lines...) Expand 10 before | Expand all | Expand 10 after
509 void URLRequest::SetReferrer(const std::string& referrer) { 509 void URLRequest::SetReferrer(const std::string& referrer) {
510 DCHECK(!is_pending_); 510 DCHECK(!is_pending_);
511 GURL referrer_url(referrer); 511 GURL referrer_url(referrer);
512 if (referrer_url.is_valid()) { 512 if (referrer_url.is_valid()) {
513 referrer_ = referrer_url.GetAsReferrer().spec(); 513 referrer_ = referrer_url.GetAsReferrer().spec();
514 } else { 514 } else {
515 referrer_ = referrer; 515 referrer_ = referrer;
516 } 516 }
517 } 517 }
518 518
519 bool URLRequest::IsReferrerInvalid() const {
mmenke 2014/11/19 16:29:03 The new code here is not currently being exercised
mmenke 2014/11/19 16:29:03 Suggest moving this out of URLRequest and into an
mmenke 2014/11/19 16:29:03 As-is, this method is very hard to read. My sugge
Mike West 2014/11/20 10:45:30 Killed all of this in the new patchset. Thanks!
520 GURL referrer(referrer_);
521 bool referrer_policy_requires_secure_referrer_transitions =
522 referrer_policy_ ==
523 CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE ||
524 referrer_policy_ ==
525 REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN;
mmenke 2014/11/19 16:29:03 Rather than store a bool, why not just return fals
mmenke 2014/11/19 16:29:03 For security reasons, I suggest a whitelist rather
526 bool secure_referrer_in_insecure_request =
527 referrer.SchemeIsSecure() && !url().SchemeIsSecure();
mmenke 2014/11/19 16:29:03 Once you have the above code doing an early return
528 bool referrer_is_origin_only = referrer.GetOrigin() == referrer;
529 bool cross_origin_referrer = referrer.GetOrigin() != url().GetOrigin();
mmenke 2014/11/19 16:29:03 Suggest just inlining these bools in the if statem
530 return (referrer_policy_requires_secure_referrer_transitions &&
531 secure_referrer_in_insecure_request) ||
532 (referrer_policy_ ==
533 REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN &&
534 cross_origin_referrer && !referrer_is_origin_only);
535 }
536
519 void URLRequest::set_referrer_policy(ReferrerPolicy referrer_policy) { 537 void URLRequest::set_referrer_policy(ReferrerPolicy referrer_policy) {
520 DCHECK(!is_pending_); 538 DCHECK(!is_pending_);
521 referrer_policy_ = referrer_policy; 539 referrer_policy_ = referrer_policy;
522 } 540 }
523 541
524 void URLRequest::set_delegate(Delegate* delegate) { 542 void URLRequest::set_delegate(Delegate* delegate) {
525 delegate_ = delegate; 543 delegate_ = delegate;
526 } 544 }
527 545
528 void URLRequest::Start() { 546 void URLRequest::Start() {
(...skipping 114 matching lines...) Expand 10 before | Expand all | Expand 10 after
643 job_->SetPriority(priority_); 661 job_->SetPriority(priority_);
644 662
645 if (upload_data_stream_.get()) 663 if (upload_data_stream_.get())
646 job_->SetUpload(upload_data_stream_.get()); 664 job_->SetUpload(upload_data_stream_.get());
647 665
648 is_pending_ = true; 666 is_pending_ = true;
649 is_redirecting_ = false; 667 is_redirecting_ = false;
650 668
651 response_info_.was_cached = false; 669 response_info_.was_cached = false;
652 670
653 // If the referrer is secure, but the requested URL is not, the referrer 671 if (IsReferrerInvalid()) {
654 // policy should be something non-default. If you hit this, please file a
655 // bug.
656 if (referrer_policy_ ==
657 CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE &&
658 GURL(referrer_).SchemeIsSecure() && !url().SchemeIsSecure()) {
659 if (!network_delegate_ || 672 if (!network_delegate_ ||
660 !network_delegate_->CancelURLRequestWithPolicyViolatingReferrerHeader( 673 !network_delegate_->CancelURLRequestWithPolicyViolatingReferrerHeader(
661 *this, url(), GURL(referrer_))) { 674 *this, url(), GURL(referrer_))) {
662 referrer_.clear(); 675 referrer_.clear();
663 } else { 676 } else {
664 // We need to clear the referrer anyway to avoid an infinite recursion 677 // We need to clear the referrer anyway to avoid an infinite recursion
665 // when starting the error job. 678 // when starting the error job.
666 referrer_.clear(); 679 referrer_.clear();
667 std::string source("delegate"); 680 std::string source("delegate");
668 net_log_.AddEvent(NetLog::TYPE_CANCELLED, 681 net_log_.AddEvent(NetLog::TYPE_CANCELLED,
(...skipping 560 matching lines...) Expand 10 before | Expand all | Expand 10 after
1229 new base::debug::StackTrace(NULL, 0); 1242 new base::debug::StackTrace(NULL, 0);
1230 *stack_trace_copy = stack_trace; 1243 *stack_trace_copy = stack_trace;
1231 stack_trace_.reset(stack_trace_copy); 1244 stack_trace_.reset(stack_trace_copy);
1232 } 1245 }
1233 1246
1234 const base::debug::StackTrace* URLRequest::stack_trace() const { 1247 const base::debug::StackTrace* URLRequest::stack_trace() const {
1235 return stack_trace_.get(); 1248 return stack_trace_.get();
1236 } 1249 }
1237 1250
1238 } // namespace net 1251 } // namespace net
OLDNEW
« net/url_request/url_request.h ('K') | « net/url_request/url_request.h ('k') | net/url_request/url_request_job.cc » ('j') | net/url_request/url_request_job.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698