Index: net/url_request/url_request_job.cc |
diff --git a/net/url_request/url_request_job.cc b/net/url_request/url_request_job.cc |
index 5d32c6f78447b4d5439b82793e79ec5c3df94cf8..4dab76d65ac43c92377156f6029ac2908480a651 100644 |
--- a/net/url_request/url_request_job.cc |
+++ b/net/url_request/url_request_job.cc |
@@ -828,6 +828,40 @@ bool URLRequestJob::FilterHasData() { |
void URLRequestJob::UpdatePacketReadTimes() { |
} |
+// Static. |
mmenke
2014/11/20 16:23:45
nit: Think "// static" is more common (No period
Mike West
2014/11/21 09:29:29
Done.
|
+GURL URLRequestJob::ComputeReferrerForRedirect( |
+ const URLRequest& request, |
+ const GURL& redirect_destination) { |
mmenke
2014/11/20 16:23:45
Definition order should match declaration order.
Mike West
2014/11/21 09:29:29
Done.
|
+ GURL original_referrer(request.referrer()); |
+ bool secure_referrer_but_insecure_destination = |
+ original_referrer.SchemeIsSecure() && |
+ !redirect_destination.SchemeIsSecure(); |
+ bool same_origin = |
+ original_referrer.GetOrigin() == redirect_destination.GetOrigin(); |
+ switch (request.referrer_policy()) { |
+ case URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE: |
+ return secure_referrer_but_insecure_destination ? GURL() |
+ : original_referrer; |
+ |
+ case URLRequest::REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN: |
+ if (same_origin) |
+ return original_referrer; |
+ else if (secure_referrer_but_insecure_destination) |
+ return GURL(); |
+ else |
+ return original_referrer.GetOrigin(); |
mmenke
2014/11/20 16:23:45
optional: Think using braces in else/ifs is a lit
Mike West
2014/11/21 09:29:29
Done.
|
+ |
+ case URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN: |
+ return same_origin ? original_referrer : original_referrer.GetOrigin(); |
+ |
+ case URLRequest::NEVER_CLEAR_REFERRER: |
+ return original_referrer; |
+ } |
+ |
+ NOTREACHED(); |
+ return GURL(); |
+} |
+ |
RedirectInfo URLRequestJob::ComputeRedirectInfo(const GURL& location, |
int http_status_code) { |
const GURL& url = request_->url(); |
@@ -863,15 +897,9 @@ RedirectInfo URLRequestJob::ComputeRedirectInfo(const GURL& location, |
request_->first_party_for_cookies(); |
} |
- // Suppress the referrer if we're redirecting out of https. |
- if (request_->referrer_policy() == |
- URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE && |
- GURL(request_->referrer()).SchemeIsSecure() && |
- !redirect_info.new_url.SchemeIsSecure()) { |
- redirect_info.new_referrer.clear(); |
- } else { |
- redirect_info.new_referrer = request_->referrer(); |
- } |
+ // Alter the referrer if we're redirecting out of https or cross-origin. |
mmenke
2014/11/20 16:23:45
nit: --we're
Mike West
2014/11/21 09:29:29
Done.
|
+ redirect_info.new_referrer = |
+ ComputeReferrerForRedirect(*request_, redirect_info.new_url).spec(); |
return redirect_info; |
} |