Referrer Policy: Add new policies to URLRequest.

net/url_request/url_request_unittest.cc

Index: net/url_request/url_request_unittest.cc
diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc
index 1d777dc50b9068f9e455b6d93e5dde4269161b57..843a3a3203d996d0e67d5079bcba9cb55122848c 100644
--- a/net/url_request/url_request_unittest.cc
+++ b/net/url_request/url_request_unittest.cc
@@ -3913,32 +3913,6 @@ TEST_F(URLRequestTestHTTP, GetZippedTest) {
   }
 }
 
-TEST_F(URLRequestTestHTTP, HTTPSToHTTPRedirectNoRefererTest) {
-  ASSERT_TRUE(test_server_.Start());
-
-  SpawnedTestServer https_test_server(
-      SpawnedTestServer::TYPE_HTTPS, SpawnedTestServer::kLocalhost,
-      base::FilePath(FILE_PATH_LITERAL("net/data/ssl")));
-  ASSERT_TRUE(https_test_server.Start());
-
-  // An https server is sent a request with an https referer,
-  // and responds with a redirect to an http url. The http
-  // server should not be sent the referer.
-  GURL http_destination = test_server_.GetURL(std::string());
-  TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context_.CreateRequest(
-      https_test_server.GetURL("server-redirect?" + http_destination.spec()),
-      DEFAULT_PRIORITY, &d, NULL));
-  req->SetReferrer("https://www.referrer.com/");
-  req->Start();
-  base::RunLoop().Run();
-
-  EXPECT_EQ(1, d.response_started_count());
-  EXPECT_EQ(1, d.received_redirect_count());
-  EXPECT_EQ(http_destination, req->url());
-  EXPECT_EQ(std::string(), req->referrer());
-}
-
 TEST_F(URLRequestTestHTTP, RedirectLoadTiming) {
   ASSERT_TRUE(test_server_.Start());
 
@@ -6727,6 +6701,208 @@ TEST_F(URLRequestInterceptorTestHTTP,
   EXPECT_EQ(2, default_network_delegate()->headers_received_count());
 }
 
+class URLRequestTestReferrerPolicy : public URLRequestTest {
+ public:
+  URLRequestTestReferrerPolicy() {}
+
+  void InstantiateServers(SpawnedTestServer::Type origin_type,
+                          const char* origin_hostname,
+                          SpawnedTestServer::Type destination_type,
+                          const char* destination_hostname) {
+    origin_server_.reset(new SpawnedTestServer(
+        origin_type, origin_hostname,
+        origin_type == SpawnedTestServer::TYPE_HTTPS
+            ? base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))
+            : base::FilePath(
+                  FILE_PATH_LITERAL("net/data/url_request_unittest"))));
+    ASSERT_TRUE(origin_server_->Start());
+
+    if (origin_type != destination_type ||
+        origin_hostname != destination_hostname) {
+      destination_server_.reset(new SpawnedTestServer(
+          destination_type, destination_hostname,
+          destination_type == SpawnedTestServer::TYPE_HTTPS
+              ? base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))
+              : base::FilePath(
+                    FILE_PATH_LITERAL("net/data/url_request_unittest"))));
+      ASSERT_TRUE(destination_server_->Start());
+    }
+  }
+
+  void VerifyReferrerAfterRedirect(URLRequest::ReferrerPolicy policy,
+                                   const GURL& referrer,
+                                   const GURL& expected) {
+    // Create and execute the request: we'll only have a |destination_server_|
+    // if the origins are meant to be distinct. Otherwise, we'll use the
+    // |origin_server_| for both endpoints.
+    GURL destination_url = destination_server_
+                               ? destination_server_->GetURL(std::string())
+                               : origin_server_->GetURL(std::string());

[mmenke, 2014/11/20 16:23:45]

Maybe use GetURL("/echoheader?Referrer"), and then check that 
d->data_received() is also equal to expected.spec(), in addition to checking
req->referrer()?

[Mike West, 2014/11/21 09:29:29]

Good idea! Done.

+    GURL origin_url =
+        origin_server_->GetURL("server-redirect?" + destination_url.spec());
+
+    TestDelegate d;
+    scoped_ptr<URLRequest> req(
+        default_context_.CreateRequest(origin_url, DEFAULT_PRIORITY, &d, NULL));
+    req->set_referrer_policy(policy);
+    req->SetReferrer(referrer.spec());
+    req->Start();
+    base::RunLoop().Run();
+
+    EXPECT_EQ(1, d.response_started_count());
+    EXPECT_EQ(1, d.received_redirect_count());
+    EXPECT_EQ(destination_url, req->url());

[mmenke, 2014/11/20 16:23:45]

Maybe add "EXPECT_EQ(200, req->response_headers()->response_code());", just out
of paranoia?

[Mike West, 2014/11/21 09:29:29]

The paranoia was justified! HTTPS SpawnedTestServer doesn't respond on anything
other than 127.0.0.1. :(

Revamped tests to avoid `localhost`.

+
+    EXPECT_EQ(expected.spec(), req->referrer());
+  }
+
+ protected:

[mmenke, 2014/11/20 16:23:45]

Style guide requires all class variables be private, so just makes these private
and add accessors.

[Mike West, 2014/11/21 09:29:29]

Done.

+  scoped_ptr<SpawnedTestServer> origin_server_;
+  scoped_ptr<SpawnedTestServer> destination_server_;
+};
+
+TEST_F(URLRequestTestReferrerPolicy, HTTPToSameOriginHTTP) {
+  InstantiateServers(SpawnedTestServer::TYPE_HTTP, "127.0.0.1",
+                     SpawnedTestServer::TYPE_HTTP, "127.0.0.1");
+
+  VerifyReferrerAfterRedirect(
+      URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
+      origin_server_->GetURL("path/to/file.html"),
+      origin_server_->GetURL("path/to/file.html"));
+
+  VerifyReferrerAfterRedirect(
+      URLRequest::REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN,
+      origin_server_->GetURL("path/to/file.html"),
+      origin_server_->GetURL("path/to/file.html"));
+
+  VerifyReferrerAfterRedirect(
+      URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN,
+      origin_server_->GetURL("path/to/file.html"),
+      origin_server_->GetURL("path/to/file.html"));
+
+  VerifyReferrerAfterRedirect(URLRequest::NEVER_CLEAR_REFERRER,
+                              origin_server_->GetURL("path/to/file.html"),
+                              origin_server_->GetURL("path/to/file.html"));
+}
+
+TEST_F(URLRequestTestReferrerPolicy, HTTPToCrossOriginHTTP) {
+  InstantiateServers(SpawnedTestServer::TYPE_HTTP, "127.0.0.1",
+                     SpawnedTestServer::TYPE_HTTP, "localhost");
+
+  VerifyReferrerAfterRedirect(
+      URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
+      origin_server_->GetURL("path/to/file.html"),
+      origin_server_->GetURL("path/to/file.html"));
+
+  VerifyReferrerAfterRedirect(
+      URLRequest::REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN,
+      origin_server_->GetURL("path/to/file.html"),
+      origin_server_->GetURL(std::string()));
+
+  VerifyReferrerAfterRedirect(
+      URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN,
+      origin_server_->GetURL("path/to/file.html"),
+      origin_server_->GetURL(std::string()));
+
+  VerifyReferrerAfterRedirect(URLRequest::NEVER_CLEAR_REFERRER,
+                              origin_server_->GetURL("path/to/file.html"),
+                              origin_server_->GetURL("path/to/file.html"));
+}
+
+TEST_F(URLRequestTestReferrerPolicy, HTTPSToSameOriginHTTPS) {
+  InstantiateServers(SpawnedTestServer::TYPE_HTTPS, "127.0.0.1",
+                     SpawnedTestServer::TYPE_HTTPS, "127.0.0.1");
+
+  VerifyReferrerAfterRedirect(
+      URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
+      origin_server_->GetURL("path/to/file.html"),
+      origin_server_->GetURL("path/to/file.html"));
+
+  VerifyReferrerAfterRedirect(
+      URLRequest::REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN,
+      origin_server_->GetURL("path/to/file.html"),
+      origin_server_->GetURL("path/to/file.html"));
+
+  VerifyReferrerAfterRedirect(
+      URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN,
+      origin_server_->GetURL("path/to/file.html"),
+      origin_server_->GetURL("path/to/file.html"));
+
+  VerifyReferrerAfterRedirect(URLRequest::NEVER_CLEAR_REFERRER,
+                              origin_server_->GetURL("path/to/file.html"),
+                              origin_server_->GetURL("path/to/file.html"));
+}
+
+TEST_F(URLRequestTestReferrerPolicy, HTTPSToCrossOriginHTTPS) {
+  InstantiateServers(SpawnedTestServer::TYPE_HTTPS, "127.0.0.1",
+                     SpawnedTestServer::TYPE_HTTPS, "localhost");
+
+  VerifyReferrerAfterRedirect(
+      URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
+      origin_server_->GetURL("path/to/file.html"),
+      origin_server_->GetURL("path/to/file.html"));
+
+  VerifyReferrerAfterRedirect(
+      URLRequest::REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN,
+      origin_server_->GetURL("path/to/file.html"),
+      origin_server_->GetURL(std::string()));
+
+  VerifyReferrerAfterRedirect(
+      URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN,
+      origin_server_->GetURL("path/to/file.html"),
+      origin_server_->GetURL(std::string()));
+
+  VerifyReferrerAfterRedirect(URLRequest::NEVER_CLEAR_REFERRER,
+                              origin_server_->GetURL("path/to/file.html"),
+                              origin_server_->GetURL("path/to/file.html"));
+}
+
+TEST_F(URLRequestTestReferrerPolicy, HTTPToHTTPS) {
+  InstantiateServers(SpawnedTestServer::TYPE_HTTP, "127.0.0.1",
+                     SpawnedTestServer::TYPE_HTTPS, "localhost");
+
+  VerifyReferrerAfterRedirect(
+      URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
+      origin_server_->GetURL("path/to/file.html"),
+      origin_server_->GetURL("path/to/file.html"));
+
+  VerifyReferrerAfterRedirect(
+      URLRequest::REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN,
+      origin_server_->GetURL("path/to/file.html"),
+      origin_server_->GetURL(std::string()));
+
+  VerifyReferrerAfterRedirect(
+      URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN,
+      origin_server_->GetURL("path/to/file.html"),
+      origin_server_->GetURL(std::string()));
+
+  VerifyReferrerAfterRedirect(URLRequest::NEVER_CLEAR_REFERRER,
+                              origin_server_->GetURL("path/to/file.html"),
+                              origin_server_->GetURL("path/to/file.html"));
+}
+
+TEST_F(URLRequestTestReferrerPolicy, HTTPSToHTTP) {
+  InstantiateServers(SpawnedTestServer::TYPE_HTTPS, "127.0.0.1",
+                     SpawnedTestServer::TYPE_HTTP, "localhost");
+
+  VerifyReferrerAfterRedirect(
+      URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
+      origin_server_->GetURL("path/to/file.html"), GURL());
+
+  VerifyReferrerAfterRedirect(
+      URLRequest::REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN,
+      origin_server_->GetURL("path/to/file.html"), GURL());
+
+  VerifyReferrerAfterRedirect(
+      URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN,
+      origin_server_->GetURL("path/to/file.html"),
+      origin_server_->GetURL(std::string()));
+
+  VerifyReferrerAfterRedirect(URLRequest::NEVER_CLEAR_REFERRER,
+                              origin_server_->GetURL("path/to/file.html"),
+                              origin_server_->GetURL("path/to/file.html"));
+}
+
 class HTTPSRequestTest : public testing::Test {
  public:
   HTTPSRequestTest() : default_context_(true) {