authorjochen@chromium.org <jochen@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-12-19 17:09:19 +0000
committerjochen@chromium.org <jochen@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-12-19 17:09:19 +0000
commit3037a702987ad70ba53e3cf4707c397658ed3f23 (patch)
tree210b2d0cc9da58c9739e27adee8dd0da762728b5 /net
parenteb47e7eeb73f68dfcee9d1f62030fd441976d271 (diff)
Add a check that we don't send a secure referrer to an insecure URL
Unless one of the non-default referrer policies is set, this should never happen. BUG=none R=mef@chromium.org Review URL: https://codereview.chromium.org/115803003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@241876 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
-rw-r--r--net/url_request/url_request.cc12
1 files changed, 12 insertions, 0 deletions
diff --git a/net/url_request/url_request.cc b/net/url_request/url_request.cc
index 6b01247..a037063 100644
--- a/net/url_request/url_request.cc
+++ b/net/url_request/url_request.cc
@@ -8,6 +8,7 @@
#include "base/bind_helpers.h"
#include "base/callback.h"
#include "base/compiler_specific.h"
+#include "base/debug/dump_without_crashing.h"
#include "base/debug/stack_trace.h"
#include "base/lazy_instance.h"
#include "base/memory/singleton.h"
@@ -684,6 +685,17 @@ void URLRequest::StartJob(URLRequestJob* job) {
response_info_.was_cached = false;
+ // If the referrer is secure, but the requested URL is not, the referrer
+ // policy should be something non-default. If you hit this, please file a
+ // bug.
+ if (referrer_policy_ ==
+ CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE &&
+ GURL(referrer_).SchemeIsSecure() && !url().SchemeIsSecure()) {
+ DLOG(FATAL) << "Trying to send secure referrer for insecure load";
+ base::debug::DumpWithoutCrashing();
+ referrer_.clear();
+ }
+
// Don't allow errors to be sent from within Start().
// TODO(brettw) this may cause NotifyDone to be sent synchronously,
// we probably don't want this: they should be sent asynchronously so
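Review bot: The comment above the new `if` in `StartJob` says when the condition should not occur, but not that `referrer_.clear()` is the real enforcement in release builds, where `DLOG(FATAL)` is compiled out and the only effects are the dump and a silent strip. I would say so on the `referrer_.clear()` line, e.g. `// Release builds: DLOG is compiled out, so strip the referrer to fail closed.` The condition also treats every URL for which `SchemeIsSecure()` is false as insecure, which presumably covers non-network schemes as well as plain http, so debug builds may abort on loads that never put a Referer on the wire; worth confirming that is intended. `StartJob` begins and continues outside this hunk, so whether the job reads `referrer_` only after this point cannot be checked from here.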