Referrer Policy: Add new policies to URLRequest.

net/url_request/url_request_job.cc

Index: net/url_request/url_request_job.cc
diff --git a/net/url_request/url_request_job.cc b/net/url_request/url_request_job.cc
index 5d32c6f78447b4d5439b82793e79ec5c3df94cf8..4dab76d65ac43c92377156f6029ac2908480a651 100644
--- a/net/url_request/url_request_job.cc
+++ b/net/url_request/url_request_job.cc
@@ -828,6 +828,40 @@ bool URLRequestJob::FilterHasData() {
 void URLRequestJob::UpdatePacketReadTimes() {
 }
 
+// Static.

[mmenke, 2014/11/20 16:23:45]

nit:  Think "// static" is more common (No period / not capitalized)

[Mike West, 2014/11/21 09:29:29]

Done.

+GURL URLRequestJob::ComputeReferrerForRedirect(
+    const URLRequest& request,
+    const GURL& redirect_destination) {

[mmenke, 2014/11/20 16:23:45]

Definition order should match declaration order.

[Mike West, 2014/11/21 09:29:29]

Done.

+  GURL original_referrer(request.referrer());
+  bool secure_referrer_but_insecure_destination =
+      original_referrer.SchemeIsSecure() &&
+      !redirect_destination.SchemeIsSecure();
+  bool same_origin =
+      original_referrer.GetOrigin() == redirect_destination.GetOrigin();
+  switch (request.referrer_policy()) {
+    case URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE:
+      return secure_referrer_but_insecure_destination ? GURL()
+                                                      : original_referrer;
+
+    case URLRequest::REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN:
+      if (same_origin)
+        return original_referrer;
+      else if (secure_referrer_but_insecure_destination)
+        return GURL();
+      else
+        return original_referrer.GetOrigin();

[mmenke, 2014/11/20 16:23:45]

optional:  Think using braces in else/ifs is a little more common in net/

[Mike West, 2014/11/21 09:29:29]

Done.

+
+    case URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN:
+      return same_origin ? original_referrer : original_referrer.GetOrigin();
+
+    case URLRequest::NEVER_CLEAR_REFERRER:
+      return original_referrer;
+  }
+
+  NOTREACHED();
+  return GURL();
+}
+
 RedirectInfo URLRequestJob::ComputeRedirectInfo(const GURL& location,
                                                 int http_status_code) {
   const GURL& url = request_->url();
@@ -863,15 +897,9 @@ RedirectInfo URLRequestJob::ComputeRedirectInfo(const GURL& location,
         request_->first_party_for_cookies();
   }
 
-  // Suppress the referrer if we're redirecting out of https.
-  if (request_->referrer_policy() ==
-          URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE &&
-      GURL(request_->referrer()).SchemeIsSecure() &&
-      !redirect_info.new_url.SchemeIsSecure()) {
-    redirect_info.new_referrer.clear();
-  } else {
-    redirect_info.new_referrer = request_->referrer();
-  }
+  // Alter the referrer if we're redirecting out of https or cross-origin.

[mmenke, 2014/11/20 16:23:45]

nit:  --we're

[Mike West, 2014/11/21 09:29:29]

Done.

+  redirect_info.new_referrer =
+      ComputeReferrerForRedirect(*request_, redirect_info.new_url).spec();
 
   return redirect_info;
 }