authornasko@chromium.org <nasko@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2014-08-05 19:46:52 +0000
committernasko@chromium.org <nasko@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2014-08-05 19:46:52 +0000
commit324b3a1c3b9925d4e85e3b288a77ea3e0e946eb0 (patch)
treef059761c58938b8b055c1643826b851c2734ad59 /components/sessions
parentc69e3458cabc15a42b9f603a49abc1586a438bee (diff)
Sanitize referrer in context menus.
This CL adds a method to content::Referrer that allows for sanitizing the referrer before making a network request and uses it to scrub the Referer header for requests originating in the context menu. It is based on work started by cbentzel@ in https://codereview.chromium.org/277903002/. BUG=357473 Review URL: https://codereview.chromium.org/438283002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@287579 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'components/sessions')
-rw-r--r--components/sessions/serialized_navigation_entry.cc31
1 files changed, 6 insertions, 25 deletions
diff --git a/components/sessions/serialized_navigation_entry.cc b/components/sessions/serialized_navigation_entry.cc
index c0ed8d2..a5ba41c 100644
--- a/components/sessions/serialized_navigation_entry.cc
+++ b/components/sessions/serialized_navigation_entry.cc
@@ -512,32 +512,13 @@ std::vector<NavigationEntry*> SerializedNavigationEntry::ToNavigationEntries(
}
void SerializedNavigationEntry::Sanitize() {
- // Store original referrer so we can later see whether it was actually
- // changed during sanitization, and we need to strip the referrer from the
- // page state as well.
- content::Referrer old_referrer = referrer_;
+ content::Referrer new_referrer =
+ content::Referrer::SanitizeForRequest(virtual_url_, referrer_);
- if (!referrer_.url.SchemeIsHTTPOrHTTPS())
- referrer_ = content::Referrer();
- switch (referrer_.policy) {
- case blink::WebReferrerPolicyNever:
- referrer_.url = GURL();
- break;
- case blink::WebReferrerPolicyAlways:
- break;
- case blink::WebReferrerPolicyOrigin:
- referrer_.url = referrer_.url.GetWithEmptyPath();
- break;
- case blink::WebReferrerPolicyDefault:
- // Fall through.
- default:
- referrer_.policy = blink::WebReferrerPolicyDefault;
- if (referrer_.url.SchemeIsSecure() && !virtual_url_.SchemeIsSecure())
- referrer_.url = GURL();
- }
-
- if (referrer_.url != old_referrer.url ||
- referrer_.policy != old_referrer.policy) {
+ // No need to compare the policy, as it doesn't change during
+ // sanitization. If there has been a change, the referrer needs to be
+ // stripped from the page state as well.
+ if (referrer_.url != new_referrer.url) {
referrer_ = content::Referrer();
page_state_ = page_state_.RemoveReferrer();
}
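Review bot: The new check `if (referrer_.url != new_referrer.url)` relies on the comment's claim that SanitizeForRequest() never alters the policy, and nothing in this hunk enforces that. The removed code normalised any unrecognised `referrer_.policy` to the default and counted that as a change, so an entry with an out-of-range policy and an unchanged URL was reset; with the new check such a value appears to stay in `referrer_` and in the page state, unless SanitizeForRequest() validates it itself, which is not visible here. Since this object is presumably rebuilt from persisted session data, I would keep the policy in the comparison, `if (referrer_.url != new_referrer.url || referrer_.policy != new_referrer.policy) {`, or at least state the invariant with `DCHECK_EQ(referrer_.policy, new_referrer.policy);`, which only fires in debug builds. Sanitize()'s closing brace lies outside the hunk.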