Implement Meta referrer
authorjochen@chromium.org <jochen@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 21 Nov 2011 10:29:55 +0000 (10:29 +0000)
committerjochen@chromium.org <jochen@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 21 Nov 2011 10:29:55 +0000 (10:29 +0000)
https://bugs.webkit.org/show_bug.cgi?id=72674

Reviewed by Adam Barth.

Source/WebCore:

http://wiki.whatwg.org/wiki/Meta_referrer

Tests: http/tests/security/referrer-policy-always.html
       http/tests/security/referrer-policy-default.html
       http/tests/security/referrer-policy-https-always.html
       http/tests/security/referrer-policy-https-default.html
       http/tests/security/referrer-policy-https-never.html
       http/tests/security/referrer-policy-https-origin.html
       http/tests/security/referrer-policy-never.html
       http/tests/security/referrer-policy-origin.html
       http/tests/security/referrer-policy-redirect.html
       http/tests/security/referrer-policy-rel-noreferrer.html

* WebCore.exp.in: updated
* dom/Document.cpp:
(WebCore::Document::Document):
(WebCore::Document::processReferrerPolicy):
* dom/Document.h:
(WebCore::Document::referrerPolicy):
* html/HTMLAnchorElement.cpp:
(WebCore::HTMLAnchorElement::handleClick):
* html/HTMLMetaElement.cpp:
(WebCore::HTMLMetaElement::process):
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::loadFrameRequest):
(WebCore::FrameLoader::loadResourceSynchronously):
* loader/PingLoader.cpp:
(WebCore::PingLoader::loadImage):
(WebCore::PingLoader::sendPing):
(WebCore::PingLoader::reportContentSecurityPolicyViolation):
* loader/SubframeLoader.cpp:
(WebCore::SubframeLoader::loadSubframe):
* loader/SubresourceLoader.cpp:
(WebCore::SubresourceLoader::create):
* page/SecurityPolicy.cpp:
(WebCore::SecurityPolicy::generateReferrerHeader):
* page/SecurityPolicy.h:

Source/WebKit/chromium:

* WebKit.gyp:
* public/WebFrame.h:
* public/WebReferrerPolicy.h: Added.
* public/WebSecurityPolicy.h:
* src/AssertMatchingEnums.cpp:
* src/WebFrameImpl.cpp:
(WebKit::WebFrameImpl::referrerPolicy):
(WebKit::WebFrameImpl::setReferrerForRequest):
* src/WebFrameImpl.h:
* src/WebSecurityPolicy.cpp:
(WebKit::WebSecurityPolicy::generateReferrerHeader):

Source/WebKit/mac:

* Plugins/Hosted/HostedNetscapePluginStream.mm:
(WebKit::HostedNetscapePluginStream::HostedNetscapePluginStream):
* Plugins/WebNetscapePluginStream.mm:
(WebNetscapePluginStream::WebNetscapePluginStream):

Source/WebKit2:

* WebProcess/Plugins/PluginView.cpp:
(WebKit::PluginView::loadURL):

LayoutTests:

* http/tests/security/referrer-policy-always-expected.txt: Added.
* http/tests/security/referrer-policy-always.html: Added.
* http/tests/security/referrer-policy-default-expected.txt: Added.
* http/tests/security/referrer-policy-default.html: Added.
* http/tests/security/referrer-policy-https-always-expected.txt: Added.
* http/tests/security/referrer-policy-https-always.html: Added.
* http/tests/security/referrer-policy-https-default-expected.txt: Added.
* http/tests/security/referrer-policy-https-default.html: Added.
* http/tests/security/referrer-policy-https-never-expected.txt: Added.
* http/tests/security/referrer-policy-https-never.html: Added.
* http/tests/security/referrer-policy-https-origin-expected.txt: Added.
* http/tests/security/referrer-policy-https-origin.html: Added.
* http/tests/security/referrer-policy-never-expected.txt: Added.
* http/tests/security/referrer-policy-never.html: Added.
* http/tests/security/referrer-policy-origin-expected.txt: Added.
* http/tests/security/referrer-policy-origin.html: Added.
* http/tests/security/referrer-policy-redirect-expected.txt: Added.
* http/tests/security/referrer-policy-redirect.html: Added.
* http/tests/security/referrer-policy-rel-noreferrer-expected.txt: Added.
* http/tests/security/referrer-policy-rel-noreferrer.html: Added.
* http/tests/security/resources/referrer-policy-log.php: Added.
* http/tests/security/resources/referrer-policy-redirect.html: Added.
* http/tests/security/resources/referrer-policy-start.html: Added.
* http/tests/security/resources/rel-noreferrer.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@100895 268f45cc-cd09-0410-ab3c-d52691b4dbfc

51 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/security/referrer-policy-always-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/referrer-policy-always.html [new file with mode: 0644]
LayoutTests/http/tests/security/referrer-policy-default-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/referrer-policy-default.html [new file with mode: 0644]
LayoutTests/http/tests/security/referrer-policy-https-always-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/referrer-policy-https-always.html [new file with mode: 0644]
LayoutTests/http/tests/security/referrer-policy-https-default-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/referrer-policy-https-default.html [new file with mode: 0644]
LayoutTests/http/tests/security/referrer-policy-https-never-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/referrer-policy-https-never.html [new file with mode: 0644]
LayoutTests/http/tests/security/referrer-policy-https-origin-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/referrer-policy-https-origin.html [new file with mode: 0644]
LayoutTests/http/tests/security/referrer-policy-never-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/referrer-policy-never.html [new file with mode: 0644]
LayoutTests/http/tests/security/referrer-policy-origin-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/referrer-policy-origin.html [new file with mode: 0644]
LayoutTests/http/tests/security/referrer-policy-redirect-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/referrer-policy-redirect.html [new file with mode: 0644]
LayoutTests/http/tests/security/referrer-policy-rel-noreferrer-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/referrer-policy-rel-noreferrer.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/referrer-policy-log.php [new file with mode: 0644]
LayoutTests/http/tests/security/resources/referrer-policy-redirect.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/referrer-policy-start.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/rel-noreferrer.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/WebCore.exp.in
Source/WebCore/dom/Document.cpp
Source/WebCore/dom/Document.h
Source/WebCore/html/HTMLAnchorElement.cpp
Source/WebCore/html/HTMLMetaElement.cpp
Source/WebCore/loader/FrameLoader.cpp
Source/WebCore/loader/PingLoader.cpp
Source/WebCore/loader/SubframeLoader.cpp
Source/WebCore/loader/SubresourceLoader.cpp
Source/WebCore/page/SecurityPolicy.cpp
Source/WebCore/page/SecurityPolicy.h
Source/WebKit/chromium/ChangeLog
Source/WebKit/chromium/WebKit.gyp
Source/WebKit/chromium/public/WebFrame.h
Source/WebKit/chromium/public/WebReferrerPolicy.h [new file with mode: 0644]
Source/WebKit/chromium/public/WebSecurityPolicy.h
Source/WebKit/chromium/src/AssertMatchingEnums.cpp
Source/WebKit/chromium/src/WebFrameImpl.cpp
Source/WebKit/chromium/src/WebFrameImpl.h
Source/WebKit/chromium/src/WebSecurityPolicy.cpp
Source/WebKit/mac/ChangeLog
Source/WebKit/mac/Plugins/Hosted/HostedNetscapePluginStream.mm
Source/WebKit/mac/Plugins/WebNetscapePluginStream.mm
Source/WebKit2/ChangeLog
Source/WebKit2/WebProcess/Plugins/PluginView.cpp

index e266430cc68403835d02767285bfb66e02c185e5..dfe5b8538881a91d5fc41646b114aae8bfec53b1 100644 (file)
@@ -1,3 +1,35 @@
+2011-11-21  Jochen Eisinger  <jochen@chromium.org>
+
+        Implement Meta referrer
+        https://bugs.webkit.org/show_bug.cgi?id=72674
+
+        Reviewed by Adam Barth.
+
+        * http/tests/security/referrer-policy-always-expected.txt: Added.
+        * http/tests/security/referrer-policy-always.html: Added.
+        * http/tests/security/referrer-policy-default-expected.txt: Added.
+        * http/tests/security/referrer-policy-default.html: Added.
+        * http/tests/security/referrer-policy-https-always-expected.txt: Added.
+        * http/tests/security/referrer-policy-https-always.html: Added.
+        * http/tests/security/referrer-policy-https-default-expected.txt: Added.
+        * http/tests/security/referrer-policy-https-default.html: Added.
+        * http/tests/security/referrer-policy-https-never-expected.txt: Added.
+        * http/tests/security/referrer-policy-https-never.html: Added.
+        * http/tests/security/referrer-policy-https-origin-expected.txt: Added.
+        * http/tests/security/referrer-policy-https-origin.html: Added.
+        * http/tests/security/referrer-policy-never-expected.txt: Added.
+        * http/tests/security/referrer-policy-never.html: Added.
+        * http/tests/security/referrer-policy-origin-expected.txt: Added.
+        * http/tests/security/referrer-policy-origin.html: Added.
+        * http/tests/security/referrer-policy-redirect-expected.txt: Added.
+        * http/tests/security/referrer-policy-redirect.html: Added.
+        * http/tests/security/referrer-policy-rel-noreferrer-expected.txt: Added.
+        * http/tests/security/referrer-policy-rel-noreferrer.html: Added.
+        * http/tests/security/resources/referrer-policy-log.php: Added.
+        * http/tests/security/resources/referrer-policy-redirect.html: Added.
+        * http/tests/security/resources/referrer-policy-start.html: Added.
+        * http/tests/security/resources/rel-noreferrer.html: Added.
+
 2011-11-21  Dominic Mazzoni  <dmazzoni@google.com>
 
         Accessibility: Multiselect list boxes need to report the active option in addition to which items are selected.
diff --git a/LayoutTests/http/tests/security/referrer-policy-always-expected.txt b/LayoutTests/http/tests/security/referrer-policy-always-expected.txt
new file mode 100644 (file)
index 0000000..87ea258
--- /dev/null
@@ -0,0 +1,10 @@
+This test checks the always referrer policy when navigating from an insecure URL to another insecure URL. The test passes if the printed referrer is http://127.0.0.1:8000/security/resources/referrer-policy-start.html?always
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+HTTP Referer header is http://127.0.0.1:8000/security/resources/referrer-policy-start.html?always
+Referrer is http://127.0.0.1:8000/security/resources/referrer-policy-start.html?always
+
diff --git a/LayoutTests/http/tests/security/referrer-policy-always.html b/LayoutTests/http/tests/security/referrer-policy-always.html
new file mode 100644 (file)
index 0000000..dd52027
--- /dev/null
@@ -0,0 +1,19 @@
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.dumpChildFramesAsText();
+    layoutTestController.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>
+This test checks the always referrer policy when navigating from an insecure
+URL to another insecure URL. The test passes if the printed referrer is
+http://127.0.0.1:8000/security/resources/referrer-policy-start.html?always
+</p>
+<iframe src="http://127.0.0.1:8000/security/resources/referrer-policy-start.html?always"></iframe>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/referrer-policy-default-expected.txt b/LayoutTests/http/tests/security/referrer-policy-default-expected.txt
new file mode 100644 (file)
index 0000000..1124260
--- /dev/null
@@ -0,0 +1,10 @@
+This test checks the default referrer policy when navigating from an insecure URL to another insecure URL. The test passes if the printed referrer is http://127.0.0.1:8000/security/resources/referrer-policy-start.html?default
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+HTTP Referer header is http://127.0.0.1:8000/security/resources/referrer-policy-start.html?default
+Referrer is http://127.0.0.1:8000/security/resources/referrer-policy-start.html?default
+
diff --git a/LayoutTests/http/tests/security/referrer-policy-default.html b/LayoutTests/http/tests/security/referrer-policy-default.html
new file mode 100644 (file)
index 0000000..85403ec
--- /dev/null
@@ -0,0 +1,19 @@
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.dumpChildFramesAsText();
+    layoutTestController.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>
+This test checks the default referrer policy when navigating from an insecure
+URL to another insecure URL. The test passes if the printed referrer is
+http://127.0.0.1:8000/security/resources/referrer-policy-start.html?default
+</p>
+<iframe src="http://127.0.0.1:8000/security/resources/referrer-policy-start.html?default"></iframe>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/referrer-policy-https-always-expected.txt b/LayoutTests/http/tests/security/referrer-policy-https-always-expected.txt
new file mode 100644 (file)
index 0000000..5e51de1
--- /dev/null
@@ -0,0 +1,10 @@
+This test checks the always referrer policy when navigating from a secure URL to an insecure URL. The test passes if the printed referrer is https://127.0.0.1:8443/security/resources/referrer-policy-start.html?always
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+HTTP Referer header is https://127.0.0.1:8443/security/resources/referrer-policy-start.html?always
+Referrer is https://127.0.0.1:8443/security/resources/referrer-policy-start.html?always
+
diff --git a/LayoutTests/http/tests/security/referrer-policy-https-always.html b/LayoutTests/http/tests/security/referrer-policy-https-always.html
new file mode 100644 (file)
index 0000000..ace27dd
--- /dev/null
@@ -0,0 +1,19 @@
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.dumpChildFramesAsText();
+    layoutTestController.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>
+This test checks the always referrer policy when navigating from a secure URL
+to an insecure URL. The test passes if the printed referrer is
+https://127.0.0.1:8443/security/resources/referrer-policy-start.html?always
+</p>
+<iframe src="https://127.0.0.1:8443/security/resources/referrer-policy-start.html?always"></iframe>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/referrer-policy-https-default-expected.txt b/LayoutTests/http/tests/security/referrer-policy-https-default-expected.txt
new file mode 100644 (file)
index 0000000..e476c26
--- /dev/null
@@ -0,0 +1,10 @@
+This test checks the default referrer policy when navigating from a secure URL to an insecure URL. The test passes if the printed referrer is empty.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+HTTP Referer header is empty
+Referrer is empty
+
diff --git a/LayoutTests/http/tests/security/referrer-policy-https-default.html b/LayoutTests/http/tests/security/referrer-policy-https-default.html
new file mode 100644 (file)
index 0000000..e395810
--- /dev/null
@@ -0,0 +1,18 @@
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.dumpChildFramesAsText();
+    layoutTestController.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>
+This test checks the default referrer policy when navigating from a secure URL
+to an insecure URL. The test passes if the printed referrer is empty.
+</p>
+<iframe src="https://127.0.0.1:8443/security/resources/referrer-policy-start.html?default"></iframe>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/referrer-policy-https-never-expected.txt b/LayoutTests/http/tests/security/referrer-policy-https-never-expected.txt
new file mode 100644 (file)
index 0000000..6c12ec9
--- /dev/null
@@ -0,0 +1,10 @@
+This test checks the never referrer policy when navigating from a secure URL to an insecure URL. The test passes if the printed referrer is empty.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+HTTP Referer header is empty
+Referrer is empty
+
diff --git a/LayoutTests/http/tests/security/referrer-policy-https-never.html b/LayoutTests/http/tests/security/referrer-policy-https-never.html
new file mode 100644 (file)
index 0000000..62609e0
--- /dev/null
@@ -0,0 +1,18 @@
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.dumpChildFramesAsText();
+    layoutTestController.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>
+This test checks the never referrer policy when navigating from a secure URL to
+an insecure URL. The test passes if the printed referrer is empty.
+</p>
+<iframe src="https://127.0.0.1:8443/security/resources/referrer-policy-start.html?never"></iframe>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/referrer-policy-https-origin-expected.txt b/LayoutTests/http/tests/security/referrer-policy-https-origin-expected.txt
new file mode 100644 (file)
index 0000000..c0f9b81
--- /dev/null
@@ -0,0 +1,10 @@
+This test checks the origin referrer policy when navigating from a secure URL to an insecure URL. The test passes if the printed referrer is https://127.0.0.1:8443
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+HTTP Referer header is https://127.0.0.1:8443/
+Referrer is https://127.0.0.1:8443/
+
diff --git a/LayoutTests/http/tests/security/referrer-policy-https-origin.html b/LayoutTests/http/tests/security/referrer-policy-https-origin.html
new file mode 100644 (file)
index 0000000..2026b74
--- /dev/null
@@ -0,0 +1,19 @@
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.dumpChildFramesAsText();
+    layoutTestController.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>
+This test checks the origin referrer policy when navigating from a secure URL
+to an insecure URL. The test passes if the printed referrer is
+https://127.0.0.1:8443
+</p>
+<iframe src="https://127.0.0.1:8443/security/resources/referrer-policy-start.html?origin"></iframe>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/referrer-policy-never-expected.txt b/LayoutTests/http/tests/security/referrer-policy-never-expected.txt
new file mode 100644 (file)
index 0000000..2f04f7a
--- /dev/null
@@ -0,0 +1,10 @@
+This test checks the never referrer policy when navigating from an insecure URL to another insecure URL. The test passes if the printed referrer is empty.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+HTTP Referer header is empty
+Referrer is empty
+
diff --git a/LayoutTests/http/tests/security/referrer-policy-never.html b/LayoutTests/http/tests/security/referrer-policy-never.html
new file mode 100644 (file)
index 0000000..7559694
--- /dev/null
@@ -0,0 +1,18 @@
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.dumpChildFramesAsText();
+    layoutTestController.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>
+This test checks the never referrer policy when navigating from an insecure
+URL to another insecure URL. The test passes if the printed referrer is empty.
+</p>
+<iframe src="http://127.0.0.1:8000/security/resources/referrer-policy-start.html?never"></iframe>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/referrer-policy-origin-expected.txt b/LayoutTests/http/tests/security/referrer-policy-origin-expected.txt
new file mode 100644 (file)
index 0000000..bff723c
--- /dev/null
@@ -0,0 +1,10 @@
+This test checks the origin referrer policy when navigating from an insecure URL to another insecure URL. The test passes if the printed referrer is http://127.0.0.1:8000
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+HTTP Referer header is http://127.0.0.1:8000/
+Referrer is http://127.0.0.1:8000/
+
diff --git a/LayoutTests/http/tests/security/referrer-policy-origin.html b/LayoutTests/http/tests/security/referrer-policy-origin.html
new file mode 100644 (file)
index 0000000..c4eec09
--- /dev/null
@@ -0,0 +1,19 @@
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.dumpChildFramesAsText();
+    layoutTestController.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>
+This test checks the origin referrer policy when navigating from an insecure
+URL to another insecure URL. The test passes if the printed referrer is
+http://127.0.0.1:8000
+</p>
+<iframe src="http://127.0.0.1:8000/security/resources/referrer-policy-start.html?origin"></iframe>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/referrer-policy-redirect-expected.txt b/LayoutTests/http/tests/security/referrer-policy-redirect-expected.txt
new file mode 100644 (file)
index 0000000..3d1c975
--- /dev/null
@@ -0,0 +1,10 @@
+This test checks the referrer policy is obeyed along the redirect chain. The test passes if the referrer is http://127.0.0.1:8000
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+HTTP Referer header is http://127.0.0.1:8000/
+Referrer is http://127.0.0.1:8000/
+
diff --git a/LayoutTests/http/tests/security/referrer-policy-redirect.html b/LayoutTests/http/tests/security/referrer-policy-redirect.html
new file mode 100644 (file)
index 0000000..1dc80fe
--- /dev/null
@@ -0,0 +1,18 @@
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.dumpChildFramesAsText();
+    layoutTestController.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>
+This test checks the referrer policy is obeyed along the redirect chain.  The
+test passes if the referrer is http://127.0.0.1:8000
+</p>
+<iframe src="http://127.0.0.1:8000/security/resources/referrer-policy-redirect.html"></iframe>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/referrer-policy-rel-noreferrer-expected.txt b/LayoutTests/http/tests/security/referrer-policy-rel-noreferrer-expected.txt
new file mode 100644 (file)
index 0000000..1920c1a
--- /dev/null
@@ -0,0 +1,10 @@
+This test navigates a frame by clicking on a link with rel=noreferrer. It passes, if the referrer is empty, even though the referrer policy is set to always.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+HTTP Referer header is empty
+Referrer is empty
+
diff --git a/LayoutTests/http/tests/security/referrer-policy-rel-noreferrer.html b/LayoutTests/http/tests/security/referrer-policy-rel-noreferrer.html
new file mode 100644 (file)
index 0000000..c0732c8
--- /dev/null
@@ -0,0 +1,19 @@
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.dumpChildFramesAsText();
+    layoutTestController.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>
+    This test navigates a frame by clicking on a link with rel=noreferrer.
+    It passes, if the referrer is empty, even though the referrer policy is
+    set to always.
+</p>
+<iframe src="http://127.0.0.1:8000/security/resources/rel-noreferrer.html"></iframe>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/resources/referrer-policy-log.php b/LayoutTests/http/tests/security/resources/referrer-policy-log.php
new file mode 100644 (file)
index 0000000..b6085a7
--- /dev/null
@@ -0,0 +1,28 @@
+<html>
+<head>
+<script>
+function log(msg) {
+    document.getElementById("log").innerHTML += msg + "<br>";
+}
+
+function runTest() {
+    var referrerHeader = "<?php echo $_SERVER['HTTP_REFERER'] ?>";
+    if (referrerHeader == "")
+        log("HTTP Referer header is empty");
+    else
+        log("HTTP Referer header is " + referrerHeader);
+
+    if (document.referrer == "")
+        log("Referrer is empty");
+    else
+        log("Referrer is " + document.referrer);
+
+    if (window.layoutTestController)
+        layoutTestController.notifyDone();
+}
+</script>
+</head>
+<body onload="runTest()">
+<div id="log"></div>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/resources/referrer-policy-redirect.html b/LayoutTests/http/tests/security/resources/referrer-policy-redirect.html
new file mode 100644 (file)
index 0000000..e19abd1
--- /dev/null
@@ -0,0 +1,13 @@
+<html>
+<head>
+<meta name="referrer" content="origin" />
+<script>
+function runTest() {
+    document.location = "https://127.0.0.1:8443/resources/redirect.php?url=" +
+        "http://127.0.0.1:8000/security/resources/referrer-policy-log.php";
+}
+</script>
+</head>
+<body onload="runTest()">
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/resources/referrer-policy-start.html b/LayoutTests/http/tests/security/resources/referrer-policy-start.html
new file mode 100644 (file)
index 0000000..c6c3962
--- /dev/null
@@ -0,0 +1,16 @@
+<html>
+<head>
+<script>
+function runTest() {
+    var meta = document.createElement("meta");
+    meta.name = "referrer";
+    meta.content = document.location.search.substring(1);
+    document.head.appendChild(meta);
+    document.location =
+        "http://127.0.0.1:8000/security/resources/referrer-policy-log.php";
+}
+</script>
+</head>
+<body onload="runTest()">
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/resources/rel-noreferrer.html b/LayoutTests/http/tests/security/resources/rel-noreferrer.html
new file mode 100644 (file)
index 0000000..e8ee317
--- /dev/null
@@ -0,0 +1,18 @@
+<html>
+<head>
+<meta name="referrer" content="always" />
+<script>
+function runTest() {
+    var link = document.getElementById("link");
+    var iframe = window.parent.document.getElementsByTagName("iframe")[0];
+    eventSender.mouseMoveTo(link.offsetLeft + iframe.offsetLeft + 2,
+                            link.offsetTop + iframe.offsetTop + 2);
+    eventSender.mouseDown();
+    eventSender.mouseUp();
+}
+</script>
+</head>
+<body onload="runTest()">
+<a id="link" href="http://127.0.0.1:8000/security/resources/referrer-policy-log.php" rel="noreferrer">link</a>
+</body>
+</html>
index 4a126c6e44359e0e53a7c2bec05a8f6a3ba5f0e5..63c70fdcd7b76d96627bd86895319fea25c10086 100644 (file)
@@ -1,3 +1,48 @@
+2011-11-21  Jochen Eisinger  <jochen@chromium.org>
+
+        Implement Meta referrer
+        https://bugs.webkit.org/show_bug.cgi?id=72674
+
+        Reviewed by Adam Barth.
+
+        http://wiki.whatwg.org/wiki/Meta_referrer
+
+        Tests: http/tests/security/referrer-policy-always.html
+               http/tests/security/referrer-policy-default.html
+               http/tests/security/referrer-policy-https-always.html
+               http/tests/security/referrer-policy-https-default.html
+               http/tests/security/referrer-policy-https-never.html
+               http/tests/security/referrer-policy-https-origin.html
+               http/tests/security/referrer-policy-never.html
+               http/tests/security/referrer-policy-origin.html
+               http/tests/security/referrer-policy-redirect.html
+               http/tests/security/referrer-policy-rel-noreferrer.html
+
+        * WebCore.exp.in: updated
+        * dom/Document.cpp:
+        (WebCore::Document::Document):
+        (WebCore::Document::processReferrerPolicy):
+        * dom/Document.h:
+        (WebCore::Document::referrerPolicy):
+        * html/HTMLAnchorElement.cpp:
+        (WebCore::HTMLAnchorElement::handleClick):
+        * html/HTMLMetaElement.cpp:
+        (WebCore::HTMLMetaElement::process):
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::loadFrameRequest):
+        (WebCore::FrameLoader::loadResourceSynchronously):
+        * loader/PingLoader.cpp:
+        (WebCore::PingLoader::loadImage):
+        (WebCore::PingLoader::sendPing):
+        (WebCore::PingLoader::reportContentSecurityPolicyViolation):
+        * loader/SubframeLoader.cpp:
+        (WebCore::SubframeLoader::loadSubframe):
+        * loader/SubresourceLoader.cpp:
+        (WebCore::SubresourceLoader::create):
+        * page/SecurityPolicy.cpp:
+        (WebCore::SecurityPolicy::generateReferrerHeader):
+        * page/SecurityPolicy.h:
+
 2011-11-21  Vsevolod Vlasov  <vsevik@chromium.org>
 
         Web Inspector: ApplicationCache view should show navigator.onLine indicator.
index 8e046b8fa93969f95e021ec1af1ef493007d82cc..8e5a7f20fc089158b9d162c291822e3ccb62209d 100644 (file)
@@ -391,6 +391,7 @@ __ZN7WebCore14SecurityOrigin6createERKN3WTF6StringES4_i
 __ZN7WebCore14SecurityOrigin6createERKNS_4KURLE
 __ZN7WebCore14SecurityPolicy18setLocalLoadPolicyENS0_15LocalLoadPolicyE
 __ZN7WebCore14SecurityPolicy18shouldHideReferrerERKNS_4KURLERKN3WTF6StringE
+__ZN7WebCore14SecurityPolicy22generateReferrerHeaderENS0_14ReferrerPolicyERKNS_4KURLERKN3WTF6StringE
 __ZN7WebCore14SecurityPolicy27resetOriginAccessWhitelistsEv
 __ZN7WebCore14SecurityPolicy29addOriginAccessWhitelistEntryERKNS_14SecurityOriginERKN3WTF6StringES7_b
 __ZN7WebCore14SecurityPolicy32removeOriginAccessWhitelistEntryERKNS_14SecurityOriginERKN3WTF6StringES7_b
index 7c118029ee697118c2e0fca468cf8ed86393bc70..97519a1d9df4664714c78ee38aaf102cbcbdce51 100644 (file)
@@ -423,6 +423,7 @@ Document::Document(Frame* frame, const KURL& url, bool isXHTML, bool isHTML)
 #endif
     , m_loadEventDelayCount(0)
     , m_loadEventDelayTimer(this, &Document::loadEventDelayTimerFired)
+    , m_referrerPolicy(SecurityPolicy::ReferrerPolicyDefault)
     , m_directionSetOnDocumentElement(false)
     , m_writingModeSetOnDocumentElement(false)
     , m_writeRecursionIsTooDeep(false)
@@ -2742,6 +2743,20 @@ void Document::processViewport(const String& features)
     frame->page()->updateViewportArguments();
 }
 
+void Document::processReferrerPolicy(const String& policy)
+{
+    ASSERT(!policy.isNull());
+
+    m_referrerPolicy = SecurityPolicy::ReferrerPolicyDefault;
+
+    if (equalIgnoringCase(policy, "never"))
+        m_referrerPolicy = SecurityPolicy::ReferrerPolicyNever;
+    else if (equalIgnoringCase(policy, "always"))
+        m_referrerPolicy = SecurityPolicy::ReferrerPolicyAlways;
+    else if (equalIgnoringCase(policy, "origin"))
+        m_referrerPolicy = SecurityPolicy::ReferrerPolicyOrigin;
+}
+
 MouseEventWithHitTestResults Document::prepareMouseEvent(const HitTestRequest& request, const LayoutPoint& documentPoint, const PlatformMouseEvent& event)
 {
     ASSERT(!renderer() || renderer()->isRenderView());
index 96f57c8c152d36011c71eae54327cc4c35b7c184..16cc1b86d8c4dfc3e428a4ff42962d1bb3a92dd8 100644 (file)
@@ -42,6 +42,7 @@
 #include "PlatformScreen.h"
 #include "QualifiedName.h"
 #include "ScriptExecutionContext.h"
+#include "SecurityPolicy.h"
 #include "StringWithDirection.h"
 #include "Timer.h"
 #include "TreeScope.h"
@@ -323,6 +324,8 @@ public:
 
     ViewportArguments viewportArguments() const { return m_viewportArguments; }
 
+    SecurityPolicy::ReferrerPolicy referrerPolicy() const { return m_referrerPolicy; }
+
     DocumentType* doctype() const { return m_docType.get(); }
 
     DOMImplementation* implementation();
@@ -805,6 +808,7 @@ public:
      */
     void processHttpEquiv(const String& equiv, const String& content);
     void processViewport(const String& features);
+    void processReferrerPolicy(const String& policy);
 
     // Returns the owning element in the parent document.
     // Returns 0 if this is the top level document.
@@ -1414,6 +1418,8 @@ private:
 
     ViewportArguments m_viewportArguments;
 
+    SecurityPolicy::ReferrerPolicy m_referrerPolicy;
+
     bool m_directionSetOnDocumentElement;
     bool m_writingModeSetOnDocumentElement;
 
index 8201d4f08b70d8832e6f0906c581381e36d798a9..7e5dd3cb1d072cb22f0af69ebc47ef0332f3fa7f 100644 (file)
@@ -504,8 +504,8 @@ void HTMLAnchorElement::handleClick(Event* event)
         ResourceRequest request(kurl);
 
         if (!hasRel(RelationNoReferrer)) {
-            String referrer = frame->loader()->outgoingReferrer();
-            if (!referrer.isEmpty() && !SecurityPolicy::shouldHideReferrer(kurl, referrer))
+            String referrer = SecurityPolicy::generateReferrerHeader(document()->referrerPolicy(), kurl, frame->loader()->outgoingReferrer());
+            if (!referrer.isEmpty())
                 request.setHTTPReferrer(referrer);
             frame->loader()->addExtraFieldsToMainResourceRequest(request);
         }
index 0fa8c9295686c12429686190f9ad09ca8b99b627..25f12edfa84fb99a62d56516deb18c97f987fd67 100644 (file)
@@ -72,6 +72,9 @@ void HTMLMetaElement::process()
     if (equalIgnoringCase(name(), "viewport"))
         document()->processViewport(contentValue);
 
+    if (equalIgnoringCase(name(), "referrer"))
+        document()->processReferrerPolicy(contentValue);
+
     // Get the document to process the tag, but only if we're actually part of DOM tree (changing a meta tag while
     // it's not in the tree shouldn't have any effect on the document)
     const AtomicString& httpEquivValue = fastGetAttribute(http_equivAttr);
index b27b9b8f0d567145ac9642420446ae5856e61355..158938ec484e2ff03b9a22a54d5aeb4d2b1fc987 100644 (file)
@@ -1138,14 +1138,12 @@ void FrameLoader::loadFrameRequest(const FrameLoadRequest& request, bool lockHis
         return;
     }
 
-    String referrer;
     String argsReferrer = request.resourceRequest().httpReferrer();
-    if (!argsReferrer.isEmpty())
-        referrer = argsReferrer;
-    else
-        referrer = m_outgoingReferrer;
+    if (argsReferrer.isEmpty())
+        argsReferrer = m_outgoingReferrer;
 
-    if (SecurityPolicy::shouldHideReferrer(url, referrer) || shouldSendReferrer == NeverSendReferrer)
+    String referrer = SecurityPolicy::generateReferrerHeader(m_frame->document()->referrerPolicy(), url, argsReferrer);
+    if (shouldSendReferrer == NeverSendReferrer)
         referrer = String();
     
     FrameLoadType loadType;
@@ -2594,9 +2592,8 @@ void FrameLoader::loadPostRequest(const ResourceRequest& inRequest, const String
 
 unsigned long FrameLoader::loadResourceSynchronously(const ResourceRequest& request, StoredCredentials storedCredentials, ResourceError& error, ResourceResponse& response, Vector<char>& data)
 {
-    String referrer = m_outgoingReferrer;
-    if (SecurityPolicy::shouldHideReferrer(request.url(), referrer))
-        referrer = String();
+    ASSERT(m_frame->document());
+    String referrer = SecurityPolicy::generateReferrerHeader(m_frame->document()->referrerPolicy(), request.url(), m_outgoingReferrer);
     
     ResourceRequest initialRequest = request;
     initialRequest.setTimeoutInterval(10);
index 1af92e0d1654c925ad815d4262d3107618579faa..e8da4aa52ede6360d0dd827b2026ebe384b4b306 100644 (file)
@@ -60,8 +60,9 @@ void PingLoader::loadImage(Frame* frame, const KURL& url)
     request.setTargetType(ResourceRequest::TargetIsImage);
 #endif
     request.setHTTPHeaderField("Cache-Control", "max-age=0");
-    if (!SecurityPolicy::shouldHideReferrer(request.url(), frame->loader()->outgoingReferrer()))
-        request.setHTTPReferrer(frame->loader()->outgoingReferrer());
+    String referrer = SecurityPolicy::generateReferrerHeader(frame->document()->referrerPolicy(), request.url(), frame->loader()->outgoingReferrer());
+    if (!referrer.isEmpty())
+        request.setHTTPReferrer(referrer);
     frame->loader()->addExtraFieldsToSubresourceRequest(request);
     OwnPtr<PingLoader> pingLoader = adoptPtr(new PingLoader(frame, request));
 
@@ -89,8 +90,11 @@ void PingLoader::sendPing(Frame* frame, const KURL& pingURL, const KURL& destina
     request.setHTTPHeaderField("Ping-To", destinationURL);
     if (!SecurityPolicy::shouldHideReferrer(pingURL, frame->loader()->outgoingReferrer())) {
       request.setHTTPHeaderField("Ping-From", frame->document()->url());
-      if (!sourceOrigin->isSameSchemeHostPort(pingOrigin.get()))
-        request.setHTTPReferrer(frame->loader()->outgoingReferrer());
+      if (!sourceOrigin->isSameSchemeHostPort(pingOrigin.get())) {
+          String referrer = SecurityPolicy::generateReferrerHeader(frame->document()->referrerPolicy(), pingURL, frame->loader()->outgoingReferrer());
+          if (!referrer.isEmpty())
+              request.setHTTPReferrer(referrer);
+      }
     }
     OwnPtr<PingLoader> pingLoader = adoptPtr(new PingLoader(frame, request));
 
@@ -110,8 +114,9 @@ void PingLoader::reportContentSecurityPolicyViolation(Frame* frame, const KURL&
     request.setHTTPBody(report);
     frame->loader()->addExtraFieldsToSubresourceRequest(request);
 
-    if (!SecurityPolicy::shouldHideReferrer(reportURL, frame->loader()->outgoingReferrer()))
-        request.setHTTPReferrer(frame->loader()->outgoingReferrer());
+    String referrer = SecurityPolicy::generateReferrerHeader(frame->document()->referrerPolicy(), reportURL, frame->loader()->outgoingReferrer());
+    if (!referrer.isEmpty())
+        request.setHTTPReferrer(referrer);
     OwnPtr<PingLoader> pingLoader = adoptPtr(new PingLoader(frame, request));
 
     // Leak the ping loader, since it will kill itself as soon as it receives a response.
index 47c3e10f319127b8952115205d129c17b801fded..236c72893721ff4f459e463e285aeaee41141470 100644 (file)
@@ -262,8 +262,8 @@ Frame* SubframeLoader::loadSubframe(HTMLFrameOwnerElement* ownerElement, const K
     if (!ownerElement->document()->contentSecurityPolicy()->allowChildFrameFromSource(url))
         return 0;
 
-    bool hideReferrer = SecurityPolicy::shouldHideReferrer(url, referrer);
-    RefPtr<Frame> frame = m_frame->loader()->client()->createFrame(url, name, ownerElement, hideReferrer ? String() : referrer, allowsScrolling, marginWidth, marginHeight);
+    String referrerToUse = SecurityPolicy::generateReferrerHeader(ownerElement->document()->referrerPolicy(), url, referrer);
+    RefPtr<Frame> frame = m_frame->loader()->client()->createFrame(url, name, ownerElement, referrerToUse, allowsScrolling, marginWidth, marginHeight);
 
     if (!frame)  {
         m_frame->loader()->checkCallImplicitClose();
index d5f668b17fd992418395376604c27a79fccbf616..b589662a51b401051f7988574b295692034a5fbf 100644 (file)
@@ -90,7 +90,8 @@ PassRefPtr<SubresourceLoader> SubresourceLoader::create(Frame* frame, CachedReso
         outgoingOrigin = SecurityOrigin::createFromString(outgoingReferrer)->toString();
     }
 
-    if (SecurityPolicy::shouldHideReferrer(request.url(), outgoingReferrer))
+    outgoingReferrer = SecurityPolicy::generateReferrerHeader(frame->document()->referrerPolicy(), request.url(), outgoingReferrer);
+    if (outgoingReferrer.isEmpty())
         newRequest.clearHTTPReferrer();
     else if (!request.httpReferrer())
         newRequest.setHTTPReferrer(outgoingReferrer);
index 31cac065feefe60812201724e3ec71edf0d61d90..f9e4d04051d7c0904e6d99f52216d286b6d9f9d6 100644 (file)
@@ -64,6 +64,31 @@ bool SecurityPolicy::shouldHideReferrer(const KURL& url, const String& referrer)
     return !URLIsSecureURL;
 }
 
+String SecurityPolicy::generateReferrerHeader(ReferrerPolicy referrerPolicy, const KURL& url, const String& referrer)
+{
+    if (referrer.isEmpty())
+        return String();
+
+    switch (referrerPolicy) {
+    case ReferrerPolicyNever:
+        return String();
+    case ReferrerPolicyAlways:
+        return referrer;
+    case ReferrerPolicyOrigin: {
+        String origin = SecurityOrigin::createFromString(referrer)->toString();
+        if (origin == "null")
+            return String();
+        // A security origin is not a canonical URL as it lacks a path. Add /
+        // to turn it into a canonical URL we can use as referrer.
+        return origin + "/";
+    }
+    case ReferrerPolicyDefault:
+        break;
+    }
+
+    return shouldHideReferrer(url, referrer) ? String() : referrer;
+}
+
 void SecurityPolicy::setLocalLoadPolicy(LocalLoadPolicy policy)
 {
     localLoadPolicy = policy;
index 70441f3d4eead37a68822dc7d868a639235724e5..41f887f19ae8e9eba73b5c9e2282d0849620badf 100644 (file)
@@ -38,8 +38,25 @@ class SecurityOrigin;
 
 class SecurityPolicy {
 public:
+    enum ReferrerPolicy {
+        ReferrerPolicyAlways,
+        ReferrerPolicyDefault,
+        ReferrerPolicyNever,
+        // Same as ReferrerPolicyAlways, except that only the origin of the
+        // referring URL is send.
+        ReferrerPolicyOrigin,
+    };
+
+    // True if the referrer should be omitted according to the
+    // ReferrerPolicyDefault. If you intend to send a referrer header, you
+    // should use generateReferrerHeader instead.
     static bool shouldHideReferrer(const KURL&, const String& referrer);
 
+    // Returns the referrer modified according to the referrer policy for a
+    // navigation to a given URL. If the referrer returned is empty, the
+    // referrer header should be omitted.
+    static String generateReferrerHeader(ReferrerPolicy, const KURL&, const String& referrer);
+
     enum LocalLoadPolicy {
         AllowLocalLoadsForAll, // No restriction on local loads.
         AllowLocalLoadsForLocalAndSubstituteData,
index e01463312be006914c4502f91dbd7b2447155549..5861b4d69105fae9832b6b55845534bf40e4024a 100644 (file)
@@ -1,3 +1,22 @@
+2011-11-21  Jochen Eisinger  <jochen@chromium.org>
+
+        Implement Meta referrer
+        https://bugs.webkit.org/show_bug.cgi?id=72674
+
+        Reviewed by Adam Barth.
+
+        * WebKit.gyp:
+        * public/WebFrame.h:
+        * public/WebReferrerPolicy.h: Added.
+        * public/WebSecurityPolicy.h:
+        * src/AssertMatchingEnums.cpp:
+        * src/WebFrameImpl.cpp:
+        (WebKit::WebFrameImpl::referrerPolicy):
+        (WebKit::WebFrameImpl::setReferrerForRequest):
+        * src/WebFrameImpl.h:
+        * src/WebSecurityPolicy.cpp:
+        (WebKit::WebSecurityPolicy::generateReferrerHeader):
+
 2011-11-21  Dominic Mazzoni  <dmazzoni@google.com>
 
         Accessibility: Multiselect list boxes need to report the active option in addition to which items are selected.
index 095a82460b2521f4ceb814cae1fc77c84ae2bc35..121089466f56984d5d47d9fc1679c17063336526 100644 (file)
                 'public/WebPrivateOwnPtr.h',
                 'public/WebRange.h',
                 'public/WebRect.h',
+                'public/WebReferrerPolicy.h',
                 'public/WebRegularExpression.h',
                 'public/WebRuntimeFeatures.h',
                 'public/WebScrollbar.h',
index 73d4423bb618634f6b4c95229032a7499c073536..79b74679f184b3232f61d71bcb29c1bb24c9d31a 100644 (file)
@@ -35,6 +35,7 @@
 #include "WebFileSystem.h"
 #include "WebIconURL.h"
 #include "WebNode.h"
+#include "WebReferrerPolicy.h"
 #include "WebURL.h"
 #include "WebURLLoaderOptions.h"
 
@@ -140,6 +141,9 @@ public:
     // URLs
     virtual WebVector<WebIconURL> iconURLs(int iconTypes) const = 0;
 
+    // The referrer policy of the document associated with this frame.
+    virtual WebReferrerPolicy referrerPolicy() const = 0;
+
 
     // Geometry -----------------------------------------------------------
 
diff --git a/Source/WebKit/chromium/public/WebReferrerPolicy.h b/Source/WebKit/chromium/public/WebReferrerPolicy.h
new file mode 100644 (file)
index 0000000..82710fb
--- /dev/null
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2011 Google Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *     * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef WebReferrerPolicy_h
+#define WebReferrerPolicy_h
+
+namespace WebKit {
+
+enum WebReferrerPolicy {
+    WebReferrerPolicyAlways,
+    WebReferrerPolicyDefault,
+    WebReferrerPolicyNever,
+    WebReferrerPolicyOrigin,
+};
+
+} // namespace WebKit
+
+#endif
index 735b6e0328df01be9c3c748eda9d9451fcd7bbfb..fe13a23e28a491ed8c64613e88a8b26bda878b84 100644 (file)
@@ -32,6 +32,7 @@
 #define WebSecurityPolicy_h
 
 #include "WebCommon.h"
+#include "WebReferrerPolicy.h"
 
 namespace WebKit {
 
@@ -71,7 +72,13 @@ public:
 
     // Returns whether the url should be allowed to see the referrer
     // based on their respective protocols.
-    WEBKIT_EXPORT static bool shouldHideReferrer(const WebURL& url, const WebString& referrer);
+    // FIXME: remove this function once the chromium side has landed.
+    WEBKIT_EXPORT static bool shouldHideReferrer(const WebURL&, const WebString& referrer);
+
+    // Returns the referrer modified according to the referrer policy for a
+    // navigation to a given URL. If the referrer returned is empty, the
+    // referrer header should be omitted.
+    WEBKIT_EXPORT static WebString generateReferrerHeader(WebReferrerPolicy, const WebURL&, const WebString& referrer);
 
     // Registers an URL scheme to not allow manipulation of the loaded page
     // by bookmarklets or javascript: URLs typed in the omnibox.
index 55bf8d1e15f5a30e7636613eec00eb5b648d4dc6..d7130bc48d6d229038018699e4d7bb77729e78cd 100644 (file)
@@ -55,6 +55,7 @@
 #include "PageVisibilityState.h"
 #include "PasteboardPrivate.h"
 #include "PlatformCursor.h"
+#include "SecurityPolicy.h"
 #include "Settings.h"
 #include "StorageInfo.h"
 #include "TextAffinity.h"
@@ -82,6 +83,7 @@
 #include "WebMediaStreamSource.h"
 #include "WebNotificationPresenter.h"
 #include "WebPageVisibilityState.h"
+#include "WebReferrerPolicy.h"
 #include "WebScrollbar.h"
 #include "WebSettings.h"
 #include "WebStorageQuotaError.h"
@@ -467,3 +469,8 @@ COMPILE_ASSERT_MATCHING_ENUM(WebPageVisibilityStatePrerender, PageVisibilityStat
 COMPILE_ASSERT_MATCHING_ENUM(WebMediaStreamSource::TypeAudio, MediaStreamSource::TypeAudio);
 COMPILE_ASSERT_MATCHING_ENUM(WebMediaStreamSource::TypeVideo, MediaStreamSource::TypeVideo);
 #endif
+
+COMPILE_ASSERT_MATCHING_ENUM(WebReferrerPolicyAlways, SecurityPolicy::ReferrerPolicyAlways);
+COMPILE_ASSERT_MATCHING_ENUM(WebReferrerPolicyDefault, SecurityPolicy::ReferrerPolicyDefault);
+COMPILE_ASSERT_MATCHING_ENUM(WebReferrerPolicyNever, SecurityPolicy::ReferrerPolicyNever);
+COMPILE_ASSERT_MATCHING_ENUM(WebReferrerPolicyOrigin, SecurityPolicy::ReferrerPolicyOrigin);
index 627b3f3c17e5be2e719ae569838012d979037a3a..499342e5a7dfb99211500282fafb95402b744717 100644 (file)
@@ -591,6 +591,11 @@ WebVector<WebIconURL> WebFrameImpl::iconURLs(int iconTypes) const
     return WebVector<WebIconURL>();
 }
 
+WebReferrerPolicy WebFrameImpl::referrerPolicy() const
+{
+    return static_cast<WebReferrerPolicy>(m_frame->document()->referrerPolicy());
+}
+
 WebSize WebFrameImpl::scrollOffset() const
 {
     FrameView* view = frameView();
@@ -1073,7 +1078,8 @@ void WebFrameImpl::setReferrerForRequest(WebURLRequest& request, const WebURL& r
         referrer = m_frame->loader()->outgoingReferrer();
     else
         referrer = referrerURL.spec().utf16();
-    if (SecurityPolicy::shouldHideReferrer(request.url(), referrer))
+    referrer = SecurityPolicy::generateReferrerHeader(m_frame->document()->referrerPolicy(), request.url(), referrer);
+    if (referrer.isEmpty())
         return;
     request.setHTTPHeaderField(WebString::fromUTF8("Referer"), referrer);
 }
index 1917a4a8e3c207addd86e8b35f8eac3bcd071a60..37edf49e790ca703269aa6fbdda3e0a21ac8e176 100644 (file)
@@ -70,6 +70,7 @@ public:
     virtual void setName(const WebString&);
     virtual long long identifier() const;
     virtual WebVector<WebIconURL> iconURLs(int iconTypes) const;
+    virtual WebReferrerPolicy referrerPolicy() const;
     virtual WebSize scrollOffset() const;
     virtual void setScrollOffset(const WebSize&);
     virtual WebSize minimumScrollOffset() const;
index 848eb3a90dfc0c70e16039614aee4ba8d3eaf067..471d95a9445b7be860e8ccb810a4a914b8315c38 100644 (file)
@@ -95,6 +95,11 @@ bool WebSecurityPolicy::shouldHideReferrer(const WebURL& url, const WebString& r
     return SecurityPolicy::shouldHideReferrer(url, referrer);
 }
 
+WebString WebSecurityPolicy::generateReferrerHeader(WebReferrerPolicy referrerPolicy, const WebURL& url, const WebString& referrer)
+{
+    return SecurityPolicy::generateReferrerHeader(static_cast<SecurityPolicy::ReferrerPolicy>(referrerPolicy), url, referrer);
+}
+
 void WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs(const WebString& scheme)
 {
     SchemeRegistry::registerURLSchemeAsNotAllowingJavascriptURLs(scheme);
index b5fabaaaa8869fa7089a759f9068f93b78158c56..9c56ccb0501e6729895b6a43195a257bd81df237 100644 (file)
@@ -1,3 +1,15 @@
+2011-11-21  Jochen Eisinger  <jochen@chromium.org>
+
+        Implement Meta referrer
+        https://bugs.webkit.org/show_bug.cgi?id=72674
+
+        Reviewed by Adam Barth.
+
+        * Plugins/Hosted/HostedNetscapePluginStream.mm:
+        (WebKit::HostedNetscapePluginStream::HostedNetscapePluginStream):
+        * Plugins/WebNetscapePluginStream.mm:
+        (WebNetscapePluginStream::WebNetscapePluginStream):
+
 2011-10-17  Antonio Gomes  <agomes@rim.com>
 
         Pass a Frame* parameter in EditorClient::respondToChangedSelection
index 7e2b03e0ad684cad6ce500eec7573d5708537ff2..7c84ede885d8393b1b1ae9cae3e40fbdf72f3e6a 100644 (file)
@@ -59,8 +59,11 @@ HostedNetscapePluginStream::HostedNetscapePluginStream(NetscapePluginInstancePro
     , m_requestURL([request URL])
     , m_frameLoader(0)
 {
-    if (SecurityPolicy::shouldHideReferrer([request URL], core([instance->pluginView() webFrame])->loader()->outgoingReferrer()))
+    String referrer = SecurityPolicy::generateReferrerHeader(core([instance->pluginView() webFrame])->document()->referrerPolicy(), [request URL], core([instance->pluginView() webFrame])->loader()->outgoingReferrer());
+    if (referrer.isEmpty())
         [m_request.get() _web_setHTTPReferrer:nil];
+    else
+        [m_request.get() _web_setHTTPReferrer:referrer];
 
 #ifndef NDEBUG
     hostedNetscapePluginStreamCounter.increment();
index 8f6f940028e3158cfe0fde755623f6138da530c3..bb7f4d5f5d9138366f3d24c090f883022ff15115 100644 (file)
@@ -172,8 +172,11 @@ WebNetscapePluginStream::WebNetscapePluginStream(NSURLRequest *request, NPP plug
     
     streams().add(&m_stream, plugin);
     
-    if (SecurityPolicy::shouldHideReferrer([request URL], core([view webFrame])->loader()->outgoingReferrer()))
+    String referrer = SecurityPolicy::generateReferrerHeader(core([view webFrame])->document()->referrerPolicy(), [request URL], core([view webFrame])->loader()->outgoingReferrer());
+    if (referrer.isEmpty())
         [m_request.get() _web_setHTTPReferrer:nil];
+    else
+        [m_request.get() _web_setHTTPReferrer:referrer];
 }
 
 WebNetscapePluginStream::~WebNetscapePluginStream()
index 5ae3e04608ec0e6c3a6648b05d11775093674e0c..a2bde7cb6354cbb61b6bbae28fac6e0aac5c33d0 100644 (file)
@@ -1,3 +1,13 @@
+2011-11-21  Jochen Eisinger  <jochen@chromium.org>
+
+        Implement Meta referrer
+        https://bugs.webkit.org/show_bug.cgi?id=72674
+
+        Reviewed by Adam Barth.
+
+        * WebProcess/Plugins/PluginView.cpp:
+        (WebKit::PluginView::loadURL):
+
 2011-11-21  Carlos Garcia Campos  <cgarcia@igalia.com>
 
         Unreviewed. Fix make distcheck build.
index c383ee4104e25a75005d651fc82e1b4b07ab87f0..a8616107376e72192c31045623b0e9d5b6aa51e1 100644 (file)
@@ -985,8 +985,9 @@ void PluginView::loadURL(uint64_t requestID, const String& method, const String&
     frameLoadRequest.resourceRequest().setHTTPBody(FormData::create(httpBody.data(), httpBody.size()));
     frameLoadRequest.setFrameName(target);
 
-    if (!SecurityPolicy::shouldHideReferrer(frameLoadRequest.resourceRequest().url(), frame()->loader()->outgoingReferrer()))
-        frameLoadRequest.resourceRequest().setHTTPReferrer(frame()->loader()->outgoingReferrer());
+    String referrer = SecurityPolicy::generateReferrerHeader(frame()->document()->referrerPolicy(), frameLoadRequest.resourceRequest().url(), frame()->loader()->outgoingReferrer());
+    if (!referrer.isEmpty())
+        frameLoadRequest.resourceRequest().setHTTPReferrer(referrer);
 
     m_pendingURLRequests.append(URLRequest::create(requestID, frameLoadRequest, allowPopups));
     m_pendingURLRequestsTimer.startOneShot(0);