summaryrefslogtreecommitdiffstats
path: root/net/url_request
diff options
context:
space:
mode:
Diffstat (limited to 'net/url_request')
-rw-r--r--net/url_request/url_request_http_job.cc13
-rw-r--r--net/url_request/url_request_unittest.cc44
2 files changed, 1 insertions, 56 deletions
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
index 8091b70..702c0bf 100644
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -807,23 +807,12 @@ void URLRequestHttpJob::Start() {
GURL referrer(request_->GetSanitizedReferrer());
request_info_.url = request_->url();
+ request_info_.referrer = referrer;
request_info_.method = request_->method();
request_info_.load_flags = request_->load_flags();
request_info_.priority = request_->priority();
request_info_.request_id = request_->identifier();
- // Strip Referer from request_info_.extra_headers to prevent, e.g., plugins
- // from overriding headers that are controlled using other means. Otherwise a
- // plugin could set a referrer although sending the referrer is inhibited.
- request_info_.extra_headers.RemoveHeader(HttpRequestHeaders::kReferer);
-
- // Our consumer should have made sure that this is a safe referrer. See for
- // instance WebCore::FrameLoader::HideReferrer.
- if (referrer.is_valid()) {
- request_info_.extra_headers.SetHeader(HttpRequestHeaders::kReferer,
- referrer.spec());
- }
-
if (request_->context()) {
request_info_.extra_headers.SetHeaderIfMissing(
HttpRequestHeaders::kUserAgent,
diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc
index ef43f30..ffc1b41 100644
--- a/net/url_request/url_request_unittest.cc
+++ b/net/url_request/url_request_unittest.cc
@@ -2479,50 +2479,6 @@ TEST_F(URLRequestTest, NetworkDelegateProxyError) {
EXPECT_EQ(ERR_PROXY_CONNECTION_FAILED, network_delegate.last_os_error());
}
-// Check that it is impossible to change the referrer in the extra headers of
-// an URLRequest.
-TEST_F(URLRequestTest, DoNotOverrideReferrer) {
- TestServer test_server(TestServer::TYPE_HTTP, FilePath());
- ASSERT_TRUE(test_server.Start());
-
- scoped_refptr<URLRequestContext> context(new TestURLRequestContext());
-
- // If extra headers contain referer and the request contains a referer,
- // only the latter shall be respected.
- {
- TestDelegate d;
- TestURLRequest req(test_server.GetURL("echoheader?Referer"), &d);
- req.set_referrer("http://foo.com/");
- req.set_context(context);
-
- HttpRequestHeaders headers;
- headers.SetHeader(HttpRequestHeaders::kReferer, "http://bar.com/");
- req.SetExtraRequestHeaders(headers);
-
- req.Start();
- MessageLoop::current()->Run();
-
- EXPECT_EQ("http://foo.com/", d.data_received());
- }
-
- // If extra headers contain a referer but the request does not, no referer
- // shall be sent in the header.
- {
- TestDelegate d;
- TestURLRequest req(test_server.GetURL("echoheader?Referer"), &d);
- req.set_context(context);
-
- HttpRequestHeaders headers;
- headers.SetHeader(HttpRequestHeaders::kReferer, "http://bar.com/");
- req.SetExtraRequestHeaders(headers);
-
- req.Start();
- MessageLoop::current()->Run();
-
- EXPECT_EQ("None", d.data_received());
- }
-}
-
class URLRequestTestFTP : public URLRequestTest {
public:
URLRequestTestFTP() : test_server_(TestServer::TYPE_FTP, FilePath()) {
generated by cgit v1.1 at 2025-03-13 04:20:51 +0000