From e600c8212f8922d77815316ff41fd8ce9d95bca7 Mon Sep 17 00:00:00 2001
From: "tommi@chromium.org"
Date: Mon, 31 Aug 2009 16:57:08 +0000
Subject: Sanitizing the referrer header before starting the automation request.TEST=Run automation unit tests.BUG=none Review URL: http://codereview.chromium.org/183004 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@24888 0039d316-1c4b-4281-b951-d872f2087c98
---
 chrome/browser/automation/url_request_automation_job.cc | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
(limited to 'chrome/browser/automation')
diff --git a/chrome/browser/automation/url_request_automation_job.cc b/chrome/browser/automation/url_request_automation_job.cc
index 86f7ebb..2811d1b 100644
--- a/chrome/browser/automation/url_request_automation_job.cc
+++ b/chrome/browser/automation/url_request_automation_job.cc
@@ -359,11 +359,21 @@ void URLRequestAutomationJob::StartAsync() {
 kFilteredHeaderStrings,
 arraysize(kFilteredHeaderStrings)));
 
+ // Ensure that we do not send username and password fields in the referrer.
+ GURL referrer(request_->GetSanitizedReferrer());
+#ifndef NDEBUG
+ // The referrer header should be suppressed if the preceding URL was
+ // a secure one and the new one is not.
+ if (referrer.SchemeIsSecure() && !request_->url().SchemeIsSecure()) {
+ DCHECK(referrer.spec().empty());
+ }
+#endif
+
 // Ask automation to start this request.
 IPC::AutomationURLRequest automation_request = {
 request_->url().spec(),
 request_->method(),
- request_->referrer(),
+ referrer.spec(),
 new_request_headers,
 request_->get_upload()
 };
-- 
cgit v1.1
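Review bot: The secure-to-insecure referrer suppression inside the `#ifndef NDEBUG` block is only asserted, never enforced, so in a release build whatever `GetSanitizedReferrer()` returns is handed to the automation host as `referrer.spec()`. The hunk does not show where an HTTPS referrer is cleared for a non-secure request; unless that is guaranteed upstream, the path and query of the secure page can still reach the external host. Consider enforcing it at this point with `if (referrer.SchemeIsSecure() && !request_->url().SchemeIsSecure()) referrer = GURL();` and keeping the DCHECK only as a diagnostic. It is also not visible here whether `kFilteredHeaderStrings` strips a `Referer` entry from `new_request_headers`; if it does not, the unsanitized value could still travel in the header list. `StartAsync()` begins and ends outside the hunk.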