author | tommi@chromium.org <tommi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-08-31 16:57:08 +0000 |
---|---|---|
committer | tommi@chromium.org <tommi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-08-31 16:57:08 +0000 |
commit | e600c8212f8922d77815316ff41fd8ce9d95bca7 (patch) | |
tree | 8cd918171785907306eefd67c5b80c3716da8343 /chrome/browser/automation | |
parent | 9c1dab0943654879f843fc58337d0a936a215271 (diff) | |
Sanitizing the referrer header before starting the automation request.

TEST=Run automation unit tests.
BUG=none
Review URL: http://codereview.chromium.org/183004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@24888 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/automation')
-rw-r--r-- | chrome/browser/automation/url_request_automation_job.cc | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/chrome/browser/automation/url_request_automation_job.cc b/chrome/browser/automation/url_request_automation_job.cc index 86f7ebb..2811d1b 100644 --- a/chrome/browser/automation/url_request_automation_job.cc +++ b/chrome/browser/automation/url_request_automation_job.cc @@ -359,11 +359,21 @@ void URLRequestAutomationJob::StartAsync() { kFilteredHeaderStrings, arraysize(kFilteredHeaderStrings))); + // Ensure that we do not send username and password fields in the referrer. + GURL referrer(request_->GetSanitizedReferrer()); +#ifndef NDEBUG + // The referrer header should be suppressed if the preceding URL was + // a secure one and the new one is not. + if (referrer.SchemeIsSecure() && !request_->url().SchemeIsSecure()) { + DCHECK(referrer.spec().empty()); + } +#endif + // Ask automation to start this request. IPC::AutomationURLRequest automation_request = { request_->url().spec(), request_->method(), - request_->referrer(), + referrer.spec(), new_request_headers, request_->get_upload() }; |
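Review bot: The secure-to-non-secure referrer suppression is only asserted, not enforced: the `DCHECK` sits inside `#ifndef NDEBUG`, so in a release build a secure referrer that reaches this point for a non-secure request is still copied into `automation_request` through `referrer.spec()` and handed to the automation client. Nothing visible in the hunk shows where that suppression is guaranteed, so either name the code that guarantees it in the comment or enforce it here, e.g. `if (referrer.SchemeIsSecure() && !request_->url().SchemeIsSecure()) referrer = GURL();`. The assertion also reads indirectly, since a referrer with a secure scheme presumably never has an empty spec; `DCHECK(!referrer.SchemeIsSecure() || request_->url().SchemeIsSecure());` states the same invariant directly. StartAsync's body begins and ends outside the hunk.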