If we redirect from an https to an http site, ensure that we don't

leak referrer information.

BUG=29920
TEST=URLRequestTestHTTP.HTTPSToHTTPRedirectNoRefererTest


Review URL: http://codereview.chromium.org/486015

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@34751 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 23 insertions, 0 deletions

diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc
index 0fbe18f..2612a90 100644
--- a/net/url_request/url_request_unittest.cc
+++ b/net/url_request/url_request_unittest.cc
@@ -242,6 +242,29 @@ TEST_F(URLRequestTestHTTP, GetTest) {
   }
 }
 
+TEST_F(URLRequestTestHTTP, HTTPSToHTTPRedirectNoRefererTest) {
+  scoped_refptr<HTTPSTestServer> https_server =
+      HTTPSTestServer::CreateGoodServer(L"net/data/ssl/");
+  ASSERT_TRUE(NULL != https_server.get());
+  ASSERT_TRUE(NULL != server_.get());
+
+  // An https server is sent a request with an https referer,
+  // and responds with a redirect to an http url. The http
+  // server should not be sent the referer.
+  GURL http_destination = server_->TestServerPage("");
+  TestDelegate d;
+  TestURLRequest req(https_server->TestServerPage(
+      "server-redirect?" + http_destination.spec()), &d);
+  req.set_referrer("https://www.referrer.com/");
+  req.Start();
+  MessageLoop::current()->Run();
+
+  EXPECT_EQ(1, d.response_started_count());
+  EXPECT_EQ(1, d.received_redirect_count());
+  EXPECT_EQ(http_destination, req.url());
+  EXPECT_EQ(std::string(), req.referrer());
+}
+
 TEST_F(URLRequestTest, QuitTest) {
   // Don't use shared server here because we order it to quit.
   // It would impact other tests.