Chromium Code Reviews Chromium Code Reviews
Issue 714813003:
Referrer Policy: Add new policies to URLRequest. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_URL_REQUEST_URL_REQUEST_H_ | 5 #ifndef NET_URL_REQUEST_URL_REQUEST_H_ |
| 6 #define NET_URL_REQUEST_URL_REQUEST_H_ | 6 #define NET_URL_REQUEST_URL_REQUEST_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 87 enum { | 87 enum { |
| 88 #define HTTP_ATOM(x) HTTP_ ## x, | 88 #define HTTP_ATOM(x) HTTP_ ## x, |
| 89 #include "net/http/http_atom_list.h" | 89 #include "net/http/http_atom_list.h" |
| 90 #undef HTTP_ATOM | 90 #undef HTTP_ATOM |
| 91 }; | 91 }; |
| 92 | 92 |
| 93 // Referrer policies (see set_referrer_policy): During server redirects, the | 93 // Referrer policies (see set_referrer_policy): During server redirects, the |
| 94 // referrer header might be cleared, if the protocol changes from HTTPS to | 94 // referrer header might be cleared, if the protocol changes from HTTPS to |
| 95 // HTTP. This is the default behavior of URLRequest, corresponding to | 95 // HTTP. This is the default behavior of URLRequest, corresponding to |
| 96 // CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE. Alternatively, the | 96 // CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE. Alternatively, the |
| 97 // referrer policy can be set to never change the referrer header. This | 97 // referrer policy can be set to strip the referrer down to an origin upon |
| 98 // behavior corresponds to NEVER_CLEAR_REFERRER. Embedders will want to use | 98 // cross-origin navigation (ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN), or |
| 99 // NEVER_CLEAR_REFERRER when implementing the meta-referrer support | 99 // never change the referrer header (NEVER_CLEAR_REFERRER). Embedders will |
| 100 // (http://wiki.whatwg.org/wiki/Meta_referrer) and sending requests with a | 100 // want to use these options when implementing referrer policy support |
| 101 // non-default referrer policy. Only the default referrer policy requires | 101 // (https://w3c.github.io/webappsec/specs/referrer-policy/). |
| 102 // the referrer to be cleared on transitions from HTTPS to HTTP. | 102 // |
| 103 // REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN is a slight variant | |
| 104 // on CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE: if the request is | |
| 105 // redirected cross-origin, but does not degrade to an insecure connection, | |
| 106 // the referrer will be delivered with reduced granularity (e.g. an origin | |
| 107 // rather than a full URL). | |
|
mmenke
2014/11/19 16:29:03
I don't think your last paragraph makes it suffici
Mike West
2014/11/20 10:45:30
Attempted to clarify. WDYT?
| |
| 103 enum ReferrerPolicy { | 108 enum ReferrerPolicy { |
| 104 CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE, | 109 CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE, |
| 110 REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN, | |
| 111 ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN, | |
| 105 NEVER_CLEAR_REFERRER, | 112 NEVER_CLEAR_REFERRER, |
| 106 }; | 113 }; |
| 107 | 114 |
| 108 // First-party URL redirect policy: During server redirects, the first-party | 115 // First-party URL redirect policy: During server redirects, the first-party |
| 109 // URL for cookies normally doesn't change. However, if the request is a | 116 // URL for cookies normally doesn't change. However, if the request is a |
| 110 // top-level first-party request, the first-party URL should be updated to the | 117 // top-level first-party request, the first-party URL should be updated to the |
| 111 // URL on every redirect. | 118 // URL on every redirect. |
| 112 enum FirstPartyURLPolicy { | 119 enum FirstPartyURLPolicy { |
| 113 NEVER_CHANGE_FIRST_PARTY_URL, | 120 NEVER_CHANGE_FIRST_PARTY_URL, |
| 114 UPDATE_FIRST_PARTY_URL_ON_REDIRECT, | 121 UPDATE_FIRST_PARTY_URL_ON_REDIRECT, |
| (...skipping 172 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 287 static std::string ComputeMethodForRedirect(const std::string& method, | 294 static std::string ComputeMethodForRedirect(const std::string& method, |
| 288 int http_status_code); | 295 int http_status_code); |
| 289 | 296 |
| 290 // The referrer URL for the request. This header may actually be suppressed | 297 // The referrer URL for the request. This header may actually be suppressed |
| 291 // from the underlying network request for security reasons (e.g., a HTTPS | 298 // from the underlying network request for security reasons (e.g., a HTTPS |
| 292 // URL will not be sent as the referrer for a HTTP request). The referrer | 299 // URL will not be sent as the referrer for a HTTP request). The referrer |
| 293 // may only be changed before Start() is called. | 300 // may only be changed before Start() is called. |
| 294 const std::string& referrer() const { return referrer_; } | 301 const std::string& referrer() const { return referrer_; } |
| 295 // Referrer is sanitized to remove URL fragment, user name and password. | 302 // Referrer is sanitized to remove URL fragment, user name and password. |
| 296 void SetReferrer(const std::string& referrer); | 303 void SetReferrer(const std::string& referrer); |
| 304 // Returns true if the referrer is invalid for this request, given its | |
| 305 // referrer policy. This could mean that a secure referrer is set for a | |
| 306 // request which should have dropped it, or that a full referrer url is set | |
| 307 // for a request which should have trimmed it to an origin. | |
| 308 bool IsReferrerInvalid() const; | |
| 297 | 309 |
| 298 // The referrer policy to apply when updating the referrer during redirects. | 310 // The referrer policy to apply when updating the referrer during redirects. |
| 299 // The referrer policy may only be changed before Start() is called. | 311 // The referrer policy may only be changed before Start() is called. |
| 300 ReferrerPolicy referrer_policy() const { return referrer_policy_; } | 312 ReferrerPolicy referrer_policy() const { return referrer_policy_; } |
| 301 void set_referrer_policy(ReferrerPolicy referrer_policy); | 313 void set_referrer_policy(ReferrerPolicy referrer_policy); |
| 302 | 314 |
| 303 // Sets the delegate of the request. This value may be changed at any time, | 315 // Sets the delegate of the request. This value may be changed at any time, |
| 304 // and it is permissible for it to be null. | 316 // and it is permissible for it to be null. |
| 305 void set_delegate(Delegate* delegate); | 317 void set_delegate(Delegate* delegate); |
| 306 | 318 |
| (...skipping 527 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 834 | 846 |
| 835 // The proxy server used for this request, if any. | 847 // The proxy server used for this request, if any. |
| 836 HostPortPair proxy_server_; | 848 HostPortPair proxy_server_; |
| 837 | 849 |
| 838 DISALLOW_COPY_AND_ASSIGN(URLRequest); | 850 DISALLOW_COPY_AND_ASSIGN(URLRequest); |
| 839 }; | 851 }; |
| 840 | 852 |
| 841 } // namespace net | 853 } // namespace net |
| 842 | 854 |
| 843 #endif // NET_URL_REQUEST_URL_REQUEST_H_ | 855 #endif // NET_URL_REQUEST_URL_REQUEST_H_ |
| OLD | NEW |
