Improve our support for referrer policies
author cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 3 Aug 2017 17:19:44 +0000 (17:19 +0000)
committer cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 3 Aug 2017 17:19:44 +0000 (17:19 +0000)
commit b03dc04edd53fde3c8fc6a95c3d2345bbead17e3
tree 408711795c2379e4231a4edbee6678e815b92888
parent 636cef52753edb0ba13e5cd9694f2123570f2dc6
Improve our support for referrer policies
https://bugs.webkit.org/show_bug.cgi?id=175069
<rdar://problem/33677313>

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline several WPT tests now that more checks are passing.

* web-platform-tests/beacon/headers/header-referrer-origin-when-cross-origin-expected.txt:
* web-platform-tests/beacon/headers/header-referrer-same-origin-expected.txt:
* web-platform-tests/beacon/headers/header-referrer-strict-origin-when-cross-origin.https-expected.txt:
* web-platform-tests/beacon/headers/header-referrer-strict-origin.https-expected.txt:
* web-platform-tests/beacon/headers/header-referrer-unsafe-url.https-expected.txt:
* web-platform-tests/fetch/api/redirect/redirect-referrer-expected.txt:
* web-platform-tests/fetch/api/redirect/redirect-referrer-worker-expected.txt:
* web-platform-tests/fetch/api/request/request-init-001.sub-expected.txt:

Source/WebCore:

Improve our support for referrer policies. In particular, we now support the
following additional ones: "same-origin", "origin-when-cross-origin" and
"strict-origin-when-cross-origin".

This is as per the following specification:
- https://www.w3.org/TR/referrer-policy/#referrer-policies

Also refactor the code a bit for clarity: I merged the ReferrerPolicy enum and the
FetchOptions::ReferrerPolicy one.

Tests: http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http-http.html
       http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http.https.html
       http/tests/referrer-policy/origin-when-cross-origin/same-origin.html
       http/tests/referrer-policy/same-origin/cross-origin-http-http.html
       http/tests/referrer-policy/same-origin/cross-origin-http.https.html
       http/tests/referrer-policy/same-origin/same-origin.html
       http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http-http.html
       http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http.https.html
       http/tests/referrer-policy/strict-origin-when-cross-origin/same-origin.html
       http/tests/referrer-policy/strict-origin/cross-origin-http-http.html
       http/tests/referrer-policy/strict-origin/cross-origin-http.https.html
       http/tests/referrer-policy/strict-origin/same-origin.html

* Modules/fetch/FetchLoader.cpp:
(WebCore::FetchLoader::start):
* Modules/fetch/FetchReferrerPolicy.h:
* Modules/fetch/FetchReferrerPolicy.idl:
* Modules/fetch/FetchRequest.h:
* Modules/fetch/FetchRequestInit.h:
* dom/Document.cpp:
(WebCore::Document::processReferrerPolicy):
(WebCore::Document::applyQuickLookSandbox):
(WebCore::Document::applyContentDispositionAttachmentSandbox):
* dom/Document.h:
* loader/FetchOptions.h:
* loader/FrameNetworkingContext.h:
* loader/PingLoader.cpp:
(WebCore::PingLoader::sendBeacon):
Drop explicit call to SecurityPolicy::shouldHideReferrer(). This is already called inside
SecurityPolicy::generateReferrerHeader() and used only when needed, depending on the
actual referrer policy.

* loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::updateHTTPRequestHeaders):
* loader/cache/CachedResourceRequest.cpp:
(WebCore::CachedResourceRequest::updateReferrerOriginAndUserAgentHeaders):
* page/SecurityPolicy.cpp:
(WebCore::referrerToOriginString):
(WebCore::SecurityPolicy::generateReferrerHeader):
* page/SecurityPolicy.h:
* platform/ReferrerPolicy.h:

Source/WebKit:

* WebProcess/Network/WebLoaderStrategy.cpp:
(WebKit::WebLoaderStrategy::loadResource):
(WebKit::WebLoaderStrategy::schedulePluginStreamLoad):

LayoutTests:

* http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http-http-expected.txt: Added.
* http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http-http.html: Added.
* http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http.https-expected.txt: Added.
* http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http.https.html: Added.
* http/tests/referrer-policy/origin-when-cross-origin/same-origin-expected.txt: Added.
* http/tests/referrer-policy/origin-when-cross-origin/same-origin.html: Added.
* http/tests/referrer-policy/resources/document.html: Added.
* http/tests/referrer-policy/same-origin/cross-origin-http-http-expected.txt: Added.
* http/tests/referrer-policy/same-origin/cross-origin-http-http.html: Added.
* http/tests/referrer-policy/same-origin/cross-origin-http.https-expected.txt: Added.
* http/tests/referrer-policy/same-origin/cross-origin-http.https.html: Added.
* http/tests/referrer-policy/same-origin/same-origin-expected.txt: Added.
* http/tests/referrer-policy/same-origin/same-origin.html: Added.
* http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http-http-expected.txt: Added.
* http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http-http.html: Added.
* http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt: Added.
* http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http.https.html: Added.
* http/tests/referrer-policy/strict-origin-when-cross-origin/same-origin-expected.txt: Added.
* http/tests/referrer-policy/strict-origin-when-cross-origin/same-origin.html: Added.
* http/tests/referrer-policy/strict-origin/cross-origin-http-http-expected.txt: Added.
* http/tests/referrer-policy/strict-origin/cross-origin-http-http.html: Added.
* http/tests/referrer-policy/strict-origin/cross-origin-http.https-expected.txt: Added.
* http/tests/referrer-policy/strict-origin/cross-origin-http.https.html: Added.
* http/tests/referrer-policy/strict-origin/same-origin-expected.txt: Added.
* http/tests/referrer-policy/strict-origin/same-origin.html: Added.
Add layout test coverage.

* http/tests/security/referrer-policy-invalid-expected.txt:
Rebaseline test now that console message has changed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@220208 268f45cc-cd09-0410-ab3c-d52691b4dbfc
54 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http-http-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http-http.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http.https-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http.https.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy/origin-when-cross-origin/same-origin-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy/origin-when-cross-origin/same-origin.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy/resources/document.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy/same-origin/cross-origin-http-http-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy/same-origin/cross-origin-http-http.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy/same-origin/cross-origin-http.https-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy/same-origin/cross-origin-http.https.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy/same-origin/same-origin-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy/same-origin/same-origin.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http-http-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http-http.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http.https.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy/strict-origin-when-cross-origin/same-origin-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy/strict-origin-when-cross-origin/same-origin.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy/strict-origin/cross-origin-http-http-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy/strict-origin/cross-origin-http-http.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy/strict-origin/cross-origin-http.https-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy/strict-origin/cross-origin-http.https.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy/strict-origin/same-origin-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy/strict-origin/same-origin.html [new file with mode: 0644]
LayoutTests/http/tests/security/referrer-policy-invalid-expected.txt
LayoutTests/imported/w3c/ChangeLog
LayoutTests/imported/w3c/web-platform-tests/beacon/headers/header-referrer-origin-when-cross-origin-expected.txt
LayoutTests/imported/w3c/web-platform-tests/beacon/headers/header-referrer-same-origin-expected.txt
LayoutTests/imported/w3c/web-platform-tests/beacon/headers/header-referrer-strict-origin-when-cross-origin.https-expected.txt
LayoutTests/imported/w3c/web-platform-tests/beacon/headers/header-referrer-strict-origin.https-expected.txt
LayoutTests/imported/w3c/web-platform-tests/beacon/headers/header-referrer-unsafe-url.https-expected.txt
LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-referrer-expected.txt
LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-referrer-worker-expected.txt
LayoutTests/imported/w3c/web-platform-tests/fetch/api/request/request-init-001.sub-expected.txt
Source/WebCore/ChangeLog
Source/WebCore/Modules/fetch/FetchLoader.cpp
Source/WebCore/Modules/fetch/FetchReferrerPolicy.h
Source/WebCore/Modules/fetch/FetchReferrerPolicy.idl
Source/WebCore/Modules/fetch/FetchRequest.h
Source/WebCore/Modules/fetch/FetchRequestInit.h
Source/WebCore/dom/Document.cpp
Source/WebCore/dom/Document.h
Source/WebCore/loader/FetchOptions.h
Source/WebCore/loader/FrameNetworkingContext.h
Source/WebCore/loader/PingLoader.cpp
Source/WebCore/loader/cache/CachedResourceLoader.cpp
Source/WebCore/loader/cache/CachedResourceRequest.cpp
Source/WebCore/page/SecurityPolicy.cpp
Source/WebCore/page/SecurityPolicy.h
Source/WebCore/platform/ReferrerPolicy.h
Source/WebKit/ChangeLog
Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp
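
The policies named in the commit message ("same-origin", "origin-when-cross-origin", "strict-origin-when-cross-origin"), together with the rest of the table in the linked W3C specification, written out as an added JavaScript example; it is not WebKit's code and not part of this commit. The function names, the constructed `example.test` URLs, and the reading of "downgrade" as https to non-https are assumptions made for illustration.

```javascript
// Added example: Referer value per policy, following the W3C Referrer Policy table.
// Assumption: "downgrade" is simplified to an https source and a non-https target.
function stripForReferrer(url, originOnly) {
  const u = new URL(url);
  u.username = '';            // credentials never go into a referrer
  u.password = '';
  u.hash = '';                // neither does the fragment
  if (originOnly) {           // origin-only form: drop path and query
    u.pathname = '/';
    u.search = '';
  }
  return u.href;
}

// Returns the Referer header value, or '' when no header is sent.
function computeReferrer(policy, source, target) {
  const src = new URL(source);
  const dst = new URL(target);
  const full = stripForReferrer(source, false);
  const originOnly = stripForReferrer(source, true);
  const sameOrigin = src.origin === dst.origin;
  const downgrade = src.protocol === 'https:' && dst.protocol !== 'https:';
  switch (policy) {
    case 'no-referrer': return '';
    case 'unsafe-url': return full;
    case 'origin': return originOnly;
    case 'no-referrer-when-downgrade': return downgrade ? '' : full;
    case 'strict-origin': return downgrade ? '' : originOnly;
    case 'same-origin': return sameOrigin ? full : '';
    case 'origin-when-cross-origin': return sameOrigin ? full : originOnly;
    case 'strict-origin-when-cross-origin':
      if (sameOrigin) return full;
      return downgrade ? '' : originOnly;
    default: throw new Error('unknown referrer policy: ' + policy);
  }
}

// Constructed sample page URL (with credentials, query and fragment to strip).
const SOURCE = 'https://user:pw@shop.example.test/cart?item=42#pay';
const ADDED = ['same-origin', 'origin-when-cross-origin', 'strict-origin-when-cross-origin'];

// Map each policy named in the commit message to what it sends for one target.
function compareAdded(target) {
  return Object.fromEntries(ADDED.map(p => [p, computeReferrer(p, SOURCE, target)]));
}
```

Calling `compareAdded` with a cross-origin `http:` target shows the difference that matters for leakage: "origin-when-cross-origin" still sends the origin over the insecure hop, while "strict-origin-when-cross-origin" sends nothing.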