
Side by Side Diff: content/public/common/referrer.cc

Issue 890473003: Add missig referrer policies to sanitization code (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 10 months ago
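--- a/content/public/common/referrer.cc
+++ b/content/public/common/referrer.cc
@@ -1,54 +1,61 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/command_line.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/common/referrer.h"
 
 namespace content {
 
 // static.
 Referrer Referrer::SanitizeForRequest(const GURL& request,
 const Referrer& referrer) {
 Referrer sanitized_referrer(referrer.url.GetAsReferrer(), referrer.policy);
 
 if (!request.SchemeIsHTTPOrHTTPS() ||
 !sanitized_referrer.url.SchemeIsHTTPOrHTTPS()) {
 sanitized_referrer.url = GURL();
 return sanitized_referrer;
 }
 
 bool is_downgrade =
 sanitized_referrer.url.SchemeIsSecure() && !request.SchemeIsSecure();
 
+if (sanitized_referrer.policy < 0 ||
+sanitized_referrer.policy > blink::WebReferrerPolicyLast) {
+NOTREACHED();
+sanitized_referrer.policy = blink::WebReferrerPolicyNever;
+}
+
 switch (sanitized_referrer.policy) {
 case blink::WebReferrerPolicyDefault:
 if (is_downgrade) {
 sanitized_referrer.url = GURL();
 } else if (request.GetOrigin() != sanitized_referrer.url.GetOrigin() &&
 base::CommandLine::ForCurrentProcess()->HasSwitch(
 switches::kReducedReferrerGranularity)) {
 sanitized_referrer.url = sanitized_referrer.url.GetOrigin();
 }
 break;
 case blink::WebReferrerPolicyNoReferrerWhenDowngrade:
 if (is_downgrade)
 sanitized_referrer.url = GURL();
 break;
 case blink::WebReferrerPolicyAlways:
 break;
 case blink::WebReferrerPolicyNever:
 sanitized_referrer.url = GURL();
 break;
 case blink::WebReferrerPolicyOrigin:
 sanitized_referrer.url = sanitized_referrer.url.GetOrigin();
 break;
-default:
-NOTREACHED();
+case blink::WebReferrerPolicyOriginWhenCrossOrigin:
+if (request.GetOrigin() != sanitized_referrer.url.GetOrigin())
+sanitized_referrer.url = sanitized_referrer.url.GetOrigin();
 break;
 }
 return sanitized_referrer;
 }
 
 } // namespace content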
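Review bot: The new range check on `sanitized_referrer.policy` (new lines 25-29) sits below the early return at lines 16-20, so when either URL is not HTTP(S) the function hands back a Referrer whose policy was never validated. If the policy can originate from a less-trusted process (not visible on this page), callers that later switch on it receive the out-of-range value; moving the `if (sanitized_referrer.policy < 0 || sanitized_referrer.policy > blink::WebReferrerPolicyLast)` block to directly after the construction on line 14 closes that path. Separately, with `default:` removed, any in-range value that lacks a `case` leaves the URL untouched, which is the same outcome as `WebReferrerPolicyAlways`; a comment above the switch such as `// Every policy <= WebReferrerPolicyLast needs a case; an unhandled one sends the full referrer.` would make that fail-open behaviour explicit.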