OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/url_request/url_request.h" | 5 #include "net/url_request/url_request.h" |
6 | 6 |
7 #include "base/bind.h" | 7 #include "base/bind.h" |
8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
9 #include "base/callback.h" | 9 #include "base/callback.h" |
10 #include "base/compiler_specific.h" | 10 #include "base/compiler_specific.h" |
(...skipping 498 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
509 void URLRequest::SetReferrer(const std::string& referrer) { | 509 void URLRequest::SetReferrer(const std::string& referrer) { |
510 DCHECK(!is_pending_); | 510 DCHECK(!is_pending_); |
511 GURL referrer_url(referrer); | 511 GURL referrer_url(referrer); |
512 if (referrer_url.is_valid()) { | 512 if (referrer_url.is_valid()) { |
513 referrer_ = referrer_url.GetAsReferrer().spec(); | 513 referrer_ = referrer_url.GetAsReferrer().spec(); |
514 } else { | 514 } else { |
515 referrer_ = referrer; | 515 referrer_ = referrer; |
516 } | 516 } |
517 } | 517 } |
518 | 518 |
519 bool URLRequest::IsReferrerInvalid() const { | |
mmenke
2014/11/19 16:29:03
The new code here is not currently being exercised
mmenke
2014/11/19 16:29:03
Suggest moving this out of URLRequest and into an
mmenke
2014/11/19 16:29:03
As-is, this method is very hard to read. My sugge
Mike West
2014/11/20 10:45:30
Killed all of this in the new patchset. Thanks!
| |
520 GURL referrer(referrer_); | |
521 bool referrer_policy_requires_secure_referrer_transitions = | |
522 referrer_policy_ == | |
523 CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE || | |
524 referrer_policy_ == | |
525 REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN; | |
mmenke
2014/11/19 16:29:03
Rather than store a bool, why not just return fals
mmenke
2014/11/19 16:29:03
For security reasons, I suggest a whitelist rather
| |
526 bool secure_referrer_in_insecure_request = | |
527 referrer.SchemeIsSecure() && !url().SchemeIsSecure(); | |
mmenke
2014/11/19 16:29:03
Once you have the above code doing an early return
| |
528 bool referrer_is_origin_only = referrer.GetOrigin() == referrer; | |
529 bool cross_origin_referrer = referrer.GetOrigin() != url().GetOrigin(); | |
mmenke
2014/11/19 16:29:03
Suggest just inlining these bools in the if statem
| |
530 return (referrer_policy_requires_secure_referrer_transitions && | |
531 secure_referrer_in_insecure_request) || | |
532 (referrer_policy_ == | |
533 REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN && | |
534 cross_origin_referrer && !referrer_is_origin_only); | |
535 } | |
536 | |
519 void URLRequest::set_referrer_policy(ReferrerPolicy referrer_policy) { | 537 void URLRequest::set_referrer_policy(ReferrerPolicy referrer_policy) { |
520 DCHECK(!is_pending_); | 538 DCHECK(!is_pending_); |
521 referrer_policy_ = referrer_policy; | 539 referrer_policy_ = referrer_policy; |
522 } | 540 } |
523 | 541 |
524 void URLRequest::set_delegate(Delegate* delegate) { | 542 void URLRequest::set_delegate(Delegate* delegate) { |
525 delegate_ = delegate; | 543 delegate_ = delegate; |
526 } | 544 } |
527 | 545 |
528 void URLRequest::Start() { | 546 void URLRequest::Start() { |
(...skipping 114 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
643 job_->SetPriority(priority_); | 661 job_->SetPriority(priority_); |
644 | 662 |
645 if (upload_data_stream_.get()) | 663 if (upload_data_stream_.get()) |
646 job_->SetUpload(upload_data_stream_.get()); | 664 job_->SetUpload(upload_data_stream_.get()); |
647 | 665 |
648 is_pending_ = true; | 666 is_pending_ = true; |
649 is_redirecting_ = false; | 667 is_redirecting_ = false; |
650 | 668 |
651 response_info_.was_cached = false; | 669 response_info_.was_cached = false; |
652 | 670 |
653 // If the referrer is secure, but the requested URL is not, the referrer | 671 if (IsReferrerInvalid()) { |
654 // policy should be something non-default. If you hit this, please file a | |
655 // bug. | |
656 if (referrer_policy_ == | |
657 CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE && | |
658 GURL(referrer_).SchemeIsSecure() && !url().SchemeIsSecure()) { | |
659 if (!network_delegate_ || | 672 if (!network_delegate_ || |
660 !network_delegate_->CancelURLRequestWithPolicyViolatingReferrerHeader( | 673 !network_delegate_->CancelURLRequestWithPolicyViolatingReferrerHeader( |
661 *this, url(), GURL(referrer_))) { | 674 *this, url(), GURL(referrer_))) { |
662 referrer_.clear(); | 675 referrer_.clear(); |
663 } else { | 676 } else { |
664 // We need to clear the referrer anyway to avoid an infinite recursion | 677 // We need to clear the referrer anyway to avoid an infinite recursion |
665 // when starting the error job. | 678 // when starting the error job. |
666 referrer_.clear(); | 679 referrer_.clear(); |
667 std::string source("delegate"); | 680 std::string source("delegate"); |
668 net_log_.AddEvent(NetLog::TYPE_CANCELLED, | 681 net_log_.AddEvent(NetLog::TYPE_CANCELLED, |
(...skipping 560 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1229 new base::debug::StackTrace(NULL, 0); | 1242 new base::debug::StackTrace(NULL, 0); |
1230 *stack_trace_copy = stack_trace; | 1243 *stack_trace_copy = stack_trace; |
1231 stack_trace_.reset(stack_trace_copy); | 1244 stack_trace_.reset(stack_trace_copy); |
1232 } | 1245 } |
1233 | 1246 |
1234 const base::debug::StackTrace* URLRequest::stack_trace() const { | 1247 const base::debug::StackTrace* URLRequest::stack_trace() const { |
1235 return stack_trace_.get(); | 1248 return stack_trace_.get(); |
1236 } | 1249 } |
1237 | 1250 |
1238 } // namespace net | 1251 } // namespace net |
OLD | NEW |