authorjochen@chromium.org <jochen@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-02-10 07:22:40 +0000
committerjochen@chromium.org <jochen@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-02-10 07:22:40 +0000
commit860c85d54df2b9b5008dbadacb534657e9876c3b (patch)
tree045283f3b933b447830c051fb17713bc916862d2
parentcc0d9d4e30d7702ad93c88b4e031e308ec4b74e8 (diff)
Add option to suppress HTTP Referer header.
BUG=none TEST=start chrome and run tcpdump -A. Should not contain any referer header. Review URL: http://codereview.chromium.org/600008 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@38587 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--chrome/browser/renderer_host/resource_dispatcher_host.cc11
-rw-r--r--chrome/common/chrome_switches.cc3
-rw-r--r--chrome/common/chrome_switches.h3
-rw-r--r--net/http/http_network_transaction.cc12
4 files changed, 23 insertions, 6 deletions
diff --git a/chrome/browser/renderer_host/resource_dispatcher_host.cc b/chrome/browser/renderer_host/resource_dispatcher_host.cc
index b92c6a9..4885423 100644
--- a/chrome/browser/renderer_host/resource_dispatcher_host.cc
+++ b/chrome/browser/renderer_host/resource_dispatcher_host.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -379,7 +379,8 @@ void ResourceDispatcherHost::BeginRequest(
URLRequest* request = new URLRequest(request_data.url, this);
request->set_method(request_data.method);
request->set_first_party_for_cookies(request_data.first_party_for_cookies);
- request->set_referrer(request_data.referrer.spec());
+ request->set_referrer(CommandLine::ForCurrentProcess()->HasSwitch(
+ switches::kNoReferrers) ? std::string() : request_data.referrer.spec());
request->SetExtraRequestHeaders(request_data.headers);
int load_flags = request_data.load_flags;
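Review bot: The expression `CommandLine::ForCurrentProcess()->HasSwitch(switches::kNoReferrers) ? std::string() : ...` is pasted into BeginRequest here and again in the BeginDownload and BeginSaveFile hunks, so a request path added later can silently miss the privacy check. A file-local helper such as `std::string MaybeStripReferrer(const GURL& referrer)` (the name is a suggestion) would keep the policy in one place, and the call would become `request->set_referrer(MaybeStripReferrer(request_data.referrer));`. Only these three call sites are visible in the diff; it is worth checking whether code outside ResourceDispatcherHost also creates a URLRequest and sets a referrer. All three functions continue outside their hunks.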
@@ -615,7 +616,8 @@ void ResourceDispatcherHost::BeginDownload(
}
request->set_method("GET");
- request->set_referrer(referrer.spec());
+ request->set_referrer(CommandLine::ForCurrentProcess()->HasSwitch(
+ switches::kNoReferrers) ? std::string() : referrer.spec());
request->set_context(request_context);
request->set_load_flags(request->load_flags() |
net::LOAD_IS_DOWNLOAD);
@@ -671,7 +673,8 @@ void ResourceDispatcherHost::BeginSaveFile(const GURL& url,
URLRequest* request = new URLRequest(url, this);
request->set_method("GET");
- request->set_referrer(referrer.spec());
+ request->set_referrer(CommandLine::ForCurrentProcess()->HasSwitch(
+ switches::kNoReferrers) ? std::string() : referrer.spec());
// So far, for saving page, we need fetch content from cache, in the
// future, maybe we can use a configuration to configure this behavior.
request->set_load_flags(net::LOAD_PREFERRING_CACHE);
diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc
index db0e7d3..8b8fa20 100644
--- a/chrome/common/chrome_switches.cc
+++ b/chrome/common/chrome_switches.cc
@@ -437,6 +437,9 @@ const char kNoFirstRun[] = "no-first-run";
// Pages may still be able to generate inconsistent data from plugins.
const char kNoJsRandomness[] = "no-js-randomness";
+// Don't send HTTP-Referer headers.
+const char kNoReferrers[] = "no-referrers";
+
// Don't use a proxy server, always make direct connections. Overrides any
// other proxy server flags that are passed.
const char kNoProxyServer[] = "no-proxy-server";
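Review bot: The new entry is out of order and its comment does not state the switch's scope. Here kNoReferrers sits before kNoProxyServer, while chrome_switches.h in this same commit lists it after. I would move it below kNoProxyServer and reword the comment along the lines of `// Don't send HTTP Referer headers on requests issued through ResourceDispatcherHost.` That wording is taken from the call sites visible in this commit and should be adjusted if other request paths honour the switch.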
diff --git a/chrome/common/chrome_switches.h b/chrome/common/chrome_switches.h
index 8ba978e4..141082e 100644
--- a/chrome/common/chrome_switches.h
+++ b/chrome/common/chrome_switches.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -134,6 +134,7 @@ extern const char kNoEvents[];
extern const char kNoFirstRun[];
extern const char kNoJsRandomness[];
extern const char kNoProxyServer[];
+extern const char kNoReferrers[];
extern const char kNoSandbox[];
extern const char kOmniBoxPopupCount[];
extern const char kOpenInNewWindow[];
diff --git a/net/http/http_network_transaction.cc b/net/http/http_network_transaction.cc
index c7c5d35..a37edb4 100644
--- a/net/http/http_network_transaction.cc
+++ b/net/http/http_network_transaction.cc
@@ -48,6 +48,15 @@ void BuildRequestHeaders(const HttpRequestInfo* request_info,
const UploadDataStream* upload_data_stream,
bool using_proxy,
std::string* request_headers) {
+ // Headers that will be stripped from request_info->extra_headers to prevent,
+ // e.g., plugins from overriding headers that are controlled using other
+ // means. Otherwise a plugin could set a referrer although sending the
+ // referrer is inhibited.
+ // TODO(jochen): check whether also other headers should be stripped.
+ static const char* const kExtraHeadersToBeStripped[] = {
+ "Referer"
+ };
+
const std::string path = using_proxy ?
HttpUtil::SpecForRequest(request_info->url) :
HttpUtil::PathForRequest(request_info->url);
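Review bot: The comment on kExtraHeadersToBeStripped reads as if stripping only matters when "sending the referrer is inhibited", but nothing in this file consults the switch. As the later hunk in this file shows, any `Referer` entry in `extra_headers` is dropped for every request. Callers therefore have to supply the referrer through the request's dedicated referrer value (presumably on request_info; not visible here) and never through extra headers. The comment should say so, e.g. `// Always stripped, independent of any switch: these headers must be set through their dedicated request fields, never via extra_headers.` BuildRequestHeaders continues outside the hunk.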
@@ -98,7 +107,8 @@ void BuildRequestHeaders(const HttpRequestInfo* request_info,
// TODO(darin): Need to prune out duplicate headers.
- *request_headers += request_info->extra_headers;
+ *request_headers += HttpUtil::StripHeaders(request_info->extra_headers,
+ kExtraHeadersToBeStripped, arraysize(kExtraHeadersToBeStripped));
*request_headers += "\r\n";
}
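Review bot: Whether this closes the plugin override described in the comment depends on how `HttpUtil::StripHeaders` matches header names, which is not visible in this diff. HTTP field names are case-insensitive, so `referer:` or `REFERER:` in `extra_headers` has to be removed just like `Referer:`, including when the header appears more than once. Please confirm the comparison is case-insensitive and add a unit test that feeds mixed-case and duplicate Referer lines through it and checks that none survive. Any other code that serializes `extra_headers` into a request, if there is any, is not covered by this change.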