Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(259)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/url_request/url_request.cc

Issue 714813003: Referrer Policy: Add new policies to URLRequest. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Helper. Created 6 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/url_request/url_request.h ('K') | « net/url_request/url_request.h ('k') | net/url_request/url_request_job.cc » ('j') | net/url_request/url_request_job.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/url_request/url_request.cc
diff --git a/net/url_request/url_request.cc b/net/url_request/url_request.cc
index a2ce07eaf13057c5608b9467e377ed77a9e98240..07531cd247e0f51b484eb1a37643275fd8228b07 100644
--- a/net/url_request/url_request.cc
+++ b/net/url_request/url_request.cc
@@ -516,6 +516,24 @@ void URLRequest::SetReferrer(const std::string& referrer) {
}
}
+bool URLRequest::IsReferrerInvalid() const {
mmenke 2014/11/19 16:29:03 The new code here is not currently being exercised
mmenke 2014/11/19 16:29:03 Suggest moving this out of URLRequest and into an
mmenke 2014/11/19 16:29:03 As-is, this method is very hard to read. My sugge
Mike West 2014/11/20 10:45:30 Killed all of this in the new patchset. Thanks!
+ GURL referrer(referrer_);
+ bool referrer_policy_requires_secure_referrer_transitions =
+ referrer_policy_ ==
+ CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE ||
+ referrer_policy_ ==
+ REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN;
mmenke 2014/11/19 16:29:03 Rather than store a bool, why not just return fals
mmenke 2014/11/19 16:29:03 For security reasons, I suggest a whitelist rather
+ bool secure_referrer_in_insecure_request =
+ referrer.SchemeIsSecure() && !url().SchemeIsSecure();
mmenke 2014/11/19 16:29:03 Once you have the above code doing an early return
+ bool referrer_is_origin_only = referrer.GetOrigin() == referrer;
+ bool cross_origin_referrer = referrer.GetOrigin() != url().GetOrigin();
mmenke 2014/11/19 16:29:03 Suggest just inlining these bools in the if statem
+ return (referrer_policy_requires_secure_referrer_transitions &&
+ secure_referrer_in_insecure_request) ||
+ (referrer_policy_ ==
+ REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN &&
+ cross_origin_referrer && !referrer_is_origin_only);
+}
+
void URLRequest::set_referrer_policy(ReferrerPolicy referrer_policy) {
DCHECK(!is_pending_);
referrer_policy_ = referrer_policy;
@@ -650,12 +668,7 @@ void URLRequest::StartJob(URLRequestJob* job) {
response_info_.was_cached = false;
- // If the referrer is secure, but the requested URL is not, the referrer
- // policy should be something non-default. If you hit this, please file a
- // bug.
- if (referrer_policy_ ==
- CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE &&
- GURL(referrer_).SchemeIsSecure() && !url().SchemeIsSecure()) {
+ if (IsReferrerInvalid()) {
if (!network_delegate_ ||
!network_delegate_->CancelURLRequestWithPolicyViolatingReferrerHeader(
*this, url(), GURL(referrer_))) {
« net/url_request/url_request.h ('K') | « net/url_request/url_request.h ('k') | net/url_request/url_request_job.cc » ('j') | net/url_request/url_request_job.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698