Changeset 220208 in webkit
- Timestamp: Aug 3, 2017 10:19:44 AM (7 years ago)
- Location: trunk
- Files: 31 added, 29 edited
trunk/LayoutTests/ChangeLog
r220207 r220208 1 2017-08-03 Chris Dumez <cdumez@apple.com> 2 3 Improve our support for referrer policies 4 https://bugs.webkit.org/show_bug.cgi?id=175069 5 <rdar://problem/33677313> 6 7 Reviewed by Darin Adler. 8 9 * http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http-http-expected.txt: Added. 10 * http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http-http.html: Added. 11 * http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http.https-expected.txt: Added. 12 * http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http.https.html: Added. 13 * http/tests/referrer-policy/origin-when-cross-origin/same-origin-expected.txt: Added. 14 * http/tests/referrer-policy/origin-when-cross-origin/same-origin.html: Added. 15 * http/tests/referrer-policy/resources/document.html: Added. 16 * http/tests/referrer-policy/same-origin/cross-origin-http-http-expected.txt: Added. 17 * http/tests/referrer-policy/same-origin/cross-origin-http-http.html: Added. 18 * http/tests/referrer-policy/same-origin/cross-origin-http.https-expected.txt: Added. 19 * http/tests/referrer-policy/same-origin/cross-origin-http.https.html: Added. 20 * http/tests/referrer-policy/same-origin/same-origin-expected.txt: Added. 21 * http/tests/referrer-policy/same-origin/same-origin.html: Added. 22 * http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http-http-expected.txt: Added. 23 * http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http-http.html: Added. 24 * http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt: Added. 25 * http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http.https.html: Added. 26 * http/tests/referrer-policy/strict-origin-when-cross-origin/same-origin-expected.txt: Added. 27 * http/tests/referrer-policy/strict-origin-when-cross-origin/same-origin.html: Added. 
28 * http/tests/referrer-policy/strict-origin/cross-origin-http-http-expected.txt: Added. 29 * http/tests/referrer-policy/strict-origin/cross-origin-http-http.html: Added. 30 * http/tests/referrer-policy/strict-origin/cross-origin-http.https-expected.txt: Added. 31 * http/tests/referrer-policy/strict-origin/cross-origin-http.https.html: Added. 32 * http/tests/referrer-policy/strict-origin/same-origin-expected.txt: Added. 33 * http/tests/referrer-policy/strict-origin/same-origin.html: Added. 34 Add layout test coverage. 35 36 * http/tests/security/referrer-policy-invalid-expected.txt: 37 Rebaseline test now that console message has changed. 38 1 39 2017-08-03 Daniel Bates <dabates@apple.com> 2 40 -
trunk/LayoutTests/http/tests/security/referrer-policy-invalid-expected.txt
r178527 r220208 1 CONSOLE MESSAGE: line 8: Failed to set referrer policy: The value 'invalid' is not one of 'no-referrer', ' origin', 'no-referrer-when-downgrade',or 'unsafe-url'. Defaulting to 'no-referrer'.1 CONSOLE MESSAGE: line 8: Failed to set referrer policy: The value 'invalid' is not one of 'no-referrer', 'no-referrer-when-downgrade', 'same-origin', 'origin', 'strict-origin', 'origin-when-cross-origin', 'strict-origin-when-cross-origin' or 'unsafe-url'. Defaulting to 'no-referrer'. 2 2 This test checks an invalid referrer policy when navigating from an insecure URL to another insecure URL. The test passes if the printed referrer is empty. 3 3 -
trunk/LayoutTests/imported/w3c/ChangeLog
r220121 r220208 1 2017-08-03 Chris Dumez <cdumez@apple.com> 2 3 Improve our support for referrer policies 4 https://bugs.webkit.org/show_bug.cgi?id=175069 5 <rdar://problem/33677313> 6 7 Reviewed by Darin Adler. 8 9 Rebaseline several WPT tests now that more checks are passing. 10 11 * web-platform-tests/beacon/headers/header-referrer-origin-when-cross-origin-expected.txt: 12 * web-platform-tests/beacon/headers/header-referrer-same-origin-expected.txt: 13 * web-platform-tests/beacon/headers/header-referrer-strict-origin-when-cross-origin.https-expected.txt: 14 * web-platform-tests/beacon/headers/header-referrer-strict-origin.https-expected.txt: 15 * web-platform-tests/beacon/headers/header-referrer-unsafe-url.https-expected.txt: 16 * web-platform-tests/fetch/api/redirect/redirect-referrer-expected.txt: 17 * web-platform-tests/fetch/api/redirect/redirect-referrer-worker-expected.txt: 18 * web-platform-tests/fetch/api/request/request-init-001.sub-expected.txt: 19 1 20 2017-08-01 Chris Dumez <cdumez@apple.com> 2 21 -
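Review bot: "Rebaseline several WPT tests now that more checks are passing" does not cover what happens in the two redirect-referrer expectation files listed here: their cross-origin redirection rows for strict-origin init and strict-origin-when-cross-origin init go from a "TypeError: Type error" failure to an assert_equals failure (expected "http://localhost:8800/" but got null), so the new baseline records a result that is still failing. Say so in this entry and point at a follow-up bug for the null referrer after a cross-origin redirect, so the remaining FAIL rows are not read as accepted behaviour.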
trunk/LayoutTests/imported/w3c/web-platform-tests/beacon/headers/header-referrer-origin-when-cross-origin-expected.txt
r220121 r220208 1 CONSOLE MESSAGE: line 8: Failed to set referrer policy: The value 'origin-when-cross-origin' is not one of 'no-referrer', 'origin', 'no-referrer-when-downgrade', or 'unsafe-url'. Defaulting to 'no-referrer'.2 1 3 FAIL Test referer header http://localhost:8800/beacon/resources/ assert_equals: Correct referrer header result expected "http://localhost:8800/beacon/headers/header-referrer-origin-when-cross-origin.html" but got "" 4 FAIL Test referer header http://127.0.0.1:8800/beacon/resources/ assert_equals: Correct referrer header result expected "http://localhost:8800/" but got "" 2 PASS Test referer header http://localhost:8800/beacon/resources/ 3 PASS Test referer header http://127.0.0.1:8800/beacon/resources/ 5 4 -
trunk/LayoutTests/imported/w3c/web-platform-tests/beacon/headers/header-referrer-same-origin-expected.txt
r220121 r220208 1 CONSOLE MESSAGE: line 8: Failed to set referrer policy: The value 'same-origin' is not one of 'no-referrer', 'origin', 'no-referrer-when-downgrade', or 'unsafe-url'. Defaulting to 'no-referrer'.2 1 3 FAIL Test referer header /beacon/resources/ assert_equals: Correct referrer header result expected "http://localhost:8800/beacon/headers/header-referrer-same-origin.html" but got "" 2 PASS Test referer header /beacon/resources/ 4 3 PASS Test referer header http://127.0.0.1:8800/beacon/resources/ 5 4 -
trunk/LayoutTests/imported/w3c/web-platform-tests/beacon/headers/header-referrer-strict-origin-when-cross-origin.https-expected.txt
r220121 r220208 1 CONSOLE MESSAGE: line 8: Failed to set referrer policy: The value 'strict-origin' is not one of 'no-referrer', 'origin', 'no-referrer-when-downgrade', or 'unsafe-url'. Defaulting to 'no-referrer'.2 1 3 FAIL Test referer header https://localhost:9443/beacon/resources/ assert_equals: Correct referrer header result expected "https://localhost:9443/" but got "" 2 PASS Test referer header https://localhost:9443/beacon/resources/ 4 3 PASS Test referer header http://localhost:8800/beacon/resources/ 5 4 -
trunk/LayoutTests/imported/w3c/web-platform-tests/beacon/headers/header-referrer-strict-origin.https-expected.txt
r220121 r220208 1 CONSOLE MESSAGE: line 8: Failed to set referrer policy: The value 'strict-origin' is not one of 'no-referrer', 'origin', 'no-referrer-when-downgrade', or 'unsafe-url'. Defaulting to 'no-referrer'.2 1 3 FAIL Test referer header https://localhost:9443/beacon/resources/ assert_equals: Correct referrer header result expected "https://localhost:9443/" but got "" 2 PASS Test referer header https://localhost:9443/beacon/resources/ 4 3 PASS Test referer header http://localhost:8800/beacon/resources/ 5 4 -
trunk/LayoutTests/imported/w3c/web-platform-tests/beacon/headers/header-referrer-unsafe-url.https-expected.txt
r220121 r220208 1 1 2 FAIL Test referer header http://localhost:8800/beacon/resources/ assert_equals: Correct referrer header result expected "https://localhost:9443/beacon/headers/header-referrer-unsafe-url.https.html" but got "" 2 PASS Test referer header http://localhost:8800/beacon/resources/ 3 3 -
trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-referrer-expected.txt
r210823 r220208 10 10 PASS Same origin redirection, empty redirect header, unsafe-url init 11 11 PASS Same origin redirection, empty redirect header, no-referrer-when-downgrade init 12 FAIL Same origin redirection, empty redirect header, same-origin init promise_test: Unhandled rejection with value: object "TypeError: Type error" 12 PASS Same origin redirection, empty redirect header, same-origin init 13 13 PASS Same origin redirection, empty redirect header, origin init 14 14 PASS Same origin redirection, empty redirect header, origin-when-cross-origin init 15 15 PASS Same origin redirection, empty redirect header, no-referrer init 16 FAIL Same origin redirection, empty redirect header, strict-origin init promise_test: Unhandled rejection with value: object "TypeError: Type error" 17 FAIL Same origin redirection, empty redirect header, strict-origin-when-cross-origin init promise_test: Unhandled rejection with value: object "TypeError: Type error" 16 PASS Same origin redirection, empty redirect header, strict-origin init 17 PASS Same origin redirection, empty redirect header, strict-origin-when-cross-origin init 18 18 FAIL Cross origin redirection, empty init, unsafe-url redirect header assert_equals: Check referrer header expected (string) "http://localhost:8800/fetch/api/redirect/redirect-referrer.html" but got (object) null 19 19 FAIL Cross origin redirection, empty init, no-referrer-when-downgrade redirect header assert_equals: Check referrer header expected (string) "http://localhost:8800/fetch/api/redirect/redirect-referrer.html" but got (object) null … … 26 26 FAIL Cross origin redirection, empty redirect header, unsafe-url init assert_equals: Check referrer header expected (string) "http://localhost:8800/fetch/api/redirect/redirect-referrer.html" but got (object) null 27 27 FAIL Cross origin redirection, empty redirect header, no-referrer-when-downgrade init assert_equals: Check referrer header expected (string) 
"http://localhost:8800/fetch/api/redirect/redirect-referrer.html" but got (object) null 28 FAIL Cross origin redirection, empty redirect header, same-origin init promise_test: Unhandled rejection with value: object "TypeError: Type error" 28 PASS Cross origin redirection, empty redirect header, same-origin init 29 29 FAIL Cross origin redirection, empty redirect header, origin init assert_equals: Check referrer header expected (string) "http://localhost:8800/" but got (object) null 30 30 FAIL Cross origin redirection, empty redirect header, origin-when-cross-origin init assert_equals: Check referrer header expected (string) "http://localhost:8800/" but got (object) null 31 31 PASS Cross origin redirection, empty redirect header, no-referrer init 32 FAIL Cross origin redirection, empty redirect header, strict-origin init promise_test: Unhandled rejection with value: object "TypeError: Type error"33 FAIL Cross origin redirection, empty redirect header, strict-origin-when-cross-origin init promise_test: Unhandled rejection with value: object "TypeError: Type error"32 FAIL Cross origin redirection, empty redirect header, strict-origin init assert_equals: Check referrer header expected (string) "http://localhost:8800/" but got (object) null 33 FAIL Cross origin redirection, empty redirect header, strict-origin-when-cross-origin init assert_equals: Check referrer header expected (string) "http://localhost:8800/" but got (object) null 34 34 -
trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-referrer-worker-expected.txt
r210823 r220208 10 10 PASS Same origin redirection, empty redirect header, unsafe-url init 11 11 PASS Same origin redirection, empty redirect header, no-referrer-when-downgrade init 12 FAIL Same origin redirection, empty redirect header, same-origin init promise_test: Unhandled rejection with value: object "TypeError: Type error" 12 PASS Same origin redirection, empty redirect header, same-origin init 13 13 PASS Same origin redirection, empty redirect header, origin init 14 14 PASS Same origin redirection, empty redirect header, origin-when-cross-origin init 15 15 PASS Same origin redirection, empty redirect header, no-referrer init 16 FAIL Same origin redirection, empty redirect header, strict-origin init promise_test: Unhandled rejection with value: object "TypeError: Type error" 17 FAIL Same origin redirection, empty redirect header, strict-origin-when-cross-origin init promise_test: Unhandled rejection with value: object "TypeError: Type error" 16 PASS Same origin redirection, empty redirect header, strict-origin init 17 PASS Same origin redirection, empty redirect header, strict-origin-when-cross-origin init 18 18 FAIL Cross origin redirection, empty init, unsafe-url redirect header assert_equals: Check referrer header expected (string) "http://localhost:8800/fetch/api/redirect/redirect-referrer.js" but got (object) null 19 19 FAIL Cross origin redirection, empty init, no-referrer-when-downgrade redirect header assert_equals: Check referrer header expected (string) "http://localhost:8800/fetch/api/redirect/redirect-referrer.js" but got (object) null … … 26 26 FAIL Cross origin redirection, empty redirect header, unsafe-url init assert_equals: Check referrer header expected (string) "http://localhost:8800/fetch/api/redirect/redirect-referrer.js" but got (object) null 27 27 FAIL Cross origin redirection, empty redirect header, no-referrer-when-downgrade init assert_equals: Check referrer header expected (string) 
"http://localhost:8800/fetch/api/redirect/redirect-referrer.js" but got (object) null 28 FAIL Cross origin redirection, empty redirect header, same-origin init promise_test: Unhandled rejection with value: object "TypeError: Type error" 28 PASS Cross origin redirection, empty redirect header, same-origin init 29 29 FAIL Cross origin redirection, empty redirect header, origin init assert_equals: Check referrer header expected (string) "http://localhost:8800/" but got (object) null 30 30 FAIL Cross origin redirection, empty redirect header, origin-when-cross-origin init assert_equals: Check referrer header expected (string) "http://localhost:8800/" but got (object) null 31 31 PASS Cross origin redirection, empty redirect header, no-referrer init 32 FAIL Cross origin redirection, empty redirect header, strict-origin init promise_test: Unhandled rejection with value: object "TypeError: Type error"33 FAIL Cross origin redirection, empty redirect header, strict-origin-when-cross-origin init promise_test: Unhandled rejection with value: object "TypeError: Type error"32 FAIL Cross origin redirection, empty redirect header, strict-origin init assert_equals: Check referrer header expected (string) "http://localhost:8800/" but got (object) null 33 FAIL Cross origin redirection, empty redirect header, strict-origin-when-cross-origin init assert_equals: Check referrer header expected (string) "http://localhost:8800/" but got (object) null 34 34 -
trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/request/request-init-001.sub-expected.txt
r217225 r220208 19 19 PASS Check referrerPolicy init value of origin-when-cross-origin and associated getter 20 20 PASS Check referrerPolicy init value of unsafe-url and associated getter 21 FAIL Check referrerPolicy init value of same-origin and associated getter Type error 22 FAIL Check referrerPolicy init value of strict-origin and associated getter Type error 23 FAIL Check referrerPolicy init value of strict-origin-when-cross-origin and associated getter Type error 21 PASS Check referrerPolicy init value of same-origin and associated getter 22 PASS Check referrerPolicy init value of strict-origin and associated getter 23 PASS Check referrerPolicy init value of strict-origin-when-cross-origin and associated getter 24 24 PASS Check mode init value of same-origin and associated getter 25 25 PASS Check mode init value of no-cors and associated getter -
trunk/Source/WebCore/ChangeLog
r220207 r220208 1 2017-08-03 Chris Dumez <cdumez@apple.com> 2 3 Improve our support for referrer policies 4 https://bugs.webkit.org/show_bug.cgi?id=175069 5 <rdar://problem/33677313> 6 7 Reviewed by Darin Adler. 8 9 Improve our support for referrer policies. In particular, we now support the 10 additional following ones: "same-origin", "origin-when-cross-origin" and 11 "strict-origin-when-cross-origin". 12 13 This is as per the following specification: 14 - https://www.w3.org/TR/referrer-policy/#referrer-policies 15 16 Also refactor the code a bit for clarity: I merged the ReferrerPolicy enum and the 17 FetchOptions::ReferrerPolicy one. 18 19 Tests: http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http-http.html 20 http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http.https.html 21 http/tests/referrer-policy/origin-when-cross-origin/same-origin.html 22 http/tests/referrer-policy/same-origin/cross-origin-http-http.html 23 http/tests/referrer-policy/same-origin/cross-origin-http.https.html 24 http/tests/referrer-policy/same-origin/same-origin.html 25 http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http-http.html 26 http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http.https.html 27 http/tests/referrer-policy/strict-origin-when-cross-origin/same-origin.html 28 http/tests/referrer-policy/strict-origin/cross-origin-http-http.html 29 http/tests/referrer-policy/strict-origin/cross-origin-http.https.html 30 http/tests/referrer-policy/strict-origin/same-origin.html 31 32 * Modules/fetch/FetchLoader.cpp: 33 (WebCore::FetchLoader::start): 34 * Modules/fetch/FetchReferrerPolicy.h: 35 * Modules/fetch/FetchReferrerPolicy.idl: 36 * Modules/fetch/FetchRequest.h: 37 * Modules/fetch/FetchRequestInit.h: 38 * dom/Document.cpp: 39 (WebCore::Document::processReferrerPolicy): 40 (WebCore::Document::applyQuickLookSandbox): 41 (WebCore::Document::applyContentDispositionAttachmentSandbox): 42 * dom/Document.h: 43 
* loader/FetchOptions.h: 44 * loader/FrameNetworkingContext.h: 45 * loader/PingLoader.cpp: 46 (WebCore::PingLoader::sendBeacon): 47 Drop explicit call to SecurityPolicy::shouldHideReferrer(). This is already called inside 48 SecurityPolicy::generateReferrerHeader() and used only when needed, depending on the 49 actual referrer policy. 50 51 * loader/cache/CachedResourceLoader.cpp: 52 (WebCore::CachedResourceLoader::updateHTTPRequestHeaders): 53 * loader/cache/CachedResourceRequest.cpp: 54 (WebCore::CachedResourceRequest::updateReferrerOriginAndUserAgentHeaders): 55 * page/SecurityPolicy.cpp: 56 (WebCore::referrerToOriginString): 57 (WebCore::SecurityPolicy::generateReferrerHeader): 58 * page/SecurityPolicy.h: 59 * platform/ReferrerPolicy.h: 60 1 61 2017-08-03 Daniel Bates <dabates@apple.com> 2 62 -
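Review bot: The description sentence lists "same-origin", "origin-when-cross-origin" and "strict-origin-when-cross-origin" as the newly supported policies but leaves out "strict-origin", although the Tests list in this same entry includes http/tests/referrer-policy/strict-origin/ and the change adds a StrictOrigin enumerator with its own case in SecurityPolicy::generateReferrerHeader. Add "strict-origin" to that sentence so the entry matches what lands.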
trunk/Source/WebCore/Modules/fetch/FetchLoader.cpp
r212993 r220208 97 97 String referrer = request.internalRequestReferrer(); 98 98 if (referrer == "no-referrer") { 99 options.referrerPolicy = FetchOptions::ReferrerPolicy::NoReferrer;99 options.referrerPolicy = ReferrerPolicy::NoReferrer; 100 100 referrer = String(); 101 101 } else -
trunk/Source/WebCore/Modules/fetch/FetchReferrerPolicy.h
r220006 r220208 26 26 #pragma once 27 27 28 #include " FetchOptions.h"28 #include "ReferrerPolicy.h" 29 29 30 30 namespace WebCore { 31 31 32 using FetchReferrerPolicy = FetchOptions::ReferrerPolicy;32 using FetchReferrerPolicy = ReferrerPolicy; 33 33 34 34 } -
trunk/Source/WebCore/Modules/fetch/FetchReferrerPolicy.idl
r220006 r220208 24 24 */ 25 25 26 enum FetchReferrerPolicy { "", "no-referrer", "no-referrer-when-downgrade", "origin", "origin-when-cross-origin", "unsafe-url" }; 26 // https://w3c.github.io/webappsec-referrer-policy/#referrer-policy 27 enum FetchReferrerPolicy { 28 "", 29 "no-referrer", 30 "no-referrer-when-downgrade", 31 "same-origin", 32 "origin", 33 "strict-origin", 34 "origin-when-cross-origin", 35 "strict-origin-when-cross-origin", 36 "unsafe-url" 37 }; -
trunk/Source/WebCore/Modules/fetch/FetchRequest.h
r220050 r220208 54 54 using Mode = FetchOptions::Mode; 55 55 using Redirect = FetchOptions::Redirect; 56 using ReferrerPolicy = FetchOptions::ReferrerPolicy;57 56 using Type = FetchOptions::Type; 58 57 -
trunk/Source/WebCore/Modules/fetch/FetchRequestInit.h
r220050 r220208 40 40 std::optional<FetchBody::Init> body; 41 41 String referrer; 42 std::optional< FetchOptions::ReferrerPolicy> referrerPolicy;42 std::optional<ReferrerPolicy> referrerPolicy; 43 43 std::optional<FetchOptions::Mode> mode; 44 44 std::optional<FetchOptions::Credentials> credentials; -
trunk/Source/WebCore/dom/Document.cpp
r220163 r220208 3378 3378 #endif 3379 3379 3380 // Note that we're supporting both the standard and legacy keywords for referrer3381 // policies, as defined by http://www.w3.org/TR/referrer-policy/#referrer-policy-delivery-meta3380 // "never" / "default" / "always" are legacy keywords that we will support. They were defined in: 3381 // https://www.w3.org/TR/2014/WD-referrer-policy-20140807/#referrer-policy-delivery-meta 3382 3382 if (equalLettersIgnoringASCIICase(policy, "no-referrer") || equalLettersIgnoringASCIICase(policy, "never")) 3383 setReferrerPolicy(ReferrerPolicy::N ever);3383 setReferrerPolicy(ReferrerPolicy::NoReferrer); 3384 3384 else if (equalLettersIgnoringASCIICase(policy, "unsafe-url") || equalLettersIgnoringASCIICase(policy, "always")) 3385 setReferrerPolicy(ReferrerPolicy:: Always);3385 setReferrerPolicy(ReferrerPolicy::UnsafeUrl); 3386 3386 else if (equalLettersIgnoringASCIICase(policy, "origin")) 3387 3387 setReferrerPolicy(ReferrerPolicy::Origin); 3388 else if (equalLettersIgnoringASCIICase(policy, "origin-when-cross-origin")) 3389 setReferrerPolicy(ReferrerPolicy::OriginWhenCrossOrigin); 3390 else if (equalLettersIgnoringASCIICase(policy, "same-origin")) 3391 setReferrerPolicy(ReferrerPolicy::SameOrigin); 3392 else if (equalLettersIgnoringASCIICase(policy, "strict-origin")) 3393 setReferrerPolicy(ReferrerPolicy::StrictOrigin); 3394 else if (equalLettersIgnoringASCIICase(policy, "strict-origin-when-cross-origin")) 3395 setReferrerPolicy(ReferrerPolicy::StrictOriginWhenCrossOrigin); 3388 3396 else if (equalLettersIgnoringASCIICase(policy, "no-referrer-when-downgrade") || equalLettersIgnoringASCIICase(policy, "default")) 3389 setReferrerPolicy(ReferrerPolicy:: Default);3397 setReferrerPolicy(ReferrerPolicy::NoReferrerWhenDowngrade); 3390 3398 else { 3391 addConsoleMessage(MessageSource::Rendering, MessageLevel::Error, "Failed to set referrer policy: The value '" + policy + "' is not one of 'no-referrer', ' origin', 
'no-referrer-when-downgrade',or 'unsafe-url'. Defaulting to 'no-referrer'.");3392 setReferrerPolicy(ReferrerPolicy::N ever);3399 addConsoleMessage(MessageSource::Rendering, MessageLevel::Error, "Failed to set referrer policy: The value '" + policy + "' is not one of 'no-referrer', 'no-referrer-when-downgrade', 'same-origin', 'origin', 'strict-origin', 'origin-when-cross-origin', 'strict-origin-when-cross-origin' or 'unsafe-url'. Defaulting to 'no-referrer'."); 3400 setReferrerPolicy(ReferrerPolicy::NoReferrer); 3393 3401 } 3394 3402 } … … 7042 7050 disableSandboxFlags(SandboxNavigation); 7043 7051 7044 setReferrerPolicy(ReferrerPolicy::N ever);7052 setReferrerPolicy(ReferrerPolicy::NoReferrer); 7045 7053 } 7046 7054 #endif … … 7063 7071 ASSERT(shouldEnforceContentDispositionAttachmentSandbox()); 7064 7072 7065 setReferrerPolicy(ReferrerPolicy::N ever);7073 setReferrerPolicy(ReferrerPolicy::NoReferrer); 7066 7074 if (!isMediaDocument()) 7067 7075 enforceSandboxFlags(SandboxAll); -
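Review bot: In processReferrerPolicy the set of accepted values is now maintained by hand in three places: the equalLettersIgnoringASCIICase chain, the console error string, and the FetchReferrerPolicy IDL enum, with the error string repeated again in referrer-policy-invalid-expected.txt. The error string also omits the legacy keywords "never", "default" and "always" that the chain still accepts. Consider a small helper that maps the string to std::optional<ReferrerPolicy> so the chain lives in one place, and add a comment next to the message saying the legacy keywords are left out of it on purpose.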
trunk/Source/WebCore/dom/Document.h
r220085 r220208 1740 1740 bool m_userHasInteractedWithMediaElement { false }; 1741 1741 PageCacheState m_pageCacheState { NotInPageCache }; 1742 ReferrerPolicy m_referrerPolicy { ReferrerPolicy:: Default};1742 ReferrerPolicy m_referrerPolicy { ReferrerPolicy::NoReferrerWhenDowngrade }; 1743 1743 ReadyState m_readyState { Complete }; 1744 1744 SelectionRestorationMode m_updateFocusAppearanceRestoresSelection { SelectionRestorationMode::SetDefault }; -
trunk/Source/WebCore/loader/FetchOptions.h
r216553 r220208 29 29 #pragma once 30 30 31 #include "ReferrerPolicy.h" 31 32 #include <wtf/text/WTFString.h> 32 33 … … 52 53 Redirect redirect { Redirect::Follow }; 53 54 54 enum class ReferrerPolicy { EmptyString, NoReferrer, NoReferrerWhenDowngrade, Origin, OriginWhenCrossOrigin, UnsafeUrl };55 55 ReferrerPolicy referrerPolicy { ReferrerPolicy::EmptyString }; 56 56 -
trunk/Source/WebCore/loader/FrameNetworkingContext.h
r200361 r220208 40 40 return true; 41 41 42 return m_frame->document()->referrerPolicy() == ReferrerPolicy:: Default;42 return m_frame->document()->referrerPolicy() == ReferrerPolicy::NoReferrerWhenDowngrade; 43 43 } 44 44 -
trunk/Source/WebCore/loader/PingLoader.cpp
r220121 r220208 263 263 264 264 FrameLoader::addHTTPOriginIfNeeded(request, sourceOrigin.toString()); 265 if (!SecurityPolicy::shouldHideReferrer(url, frame.loader().outgoingReferrer())) { 266 String referrer = SecurityPolicy::generateReferrerHeader(document.referrerPolicy(), url, frame.loader().outgoingReferrer()); 267 if (!referrer.isEmpty()) 268 request.setHTTPReferrer(referrer); 269 } 265 String referrer = SecurityPolicy::generateReferrerHeader(document.referrerPolicy(), url, frame.loader().outgoingReferrer()); 266 if (!referrer.isEmpty()) 267 request.setHTTPReferrer(referrer); 270 268 271 269 request.setAllowCookies(true); // Credentials mode: include. -
trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp
r219954 r220208 671 671 // FIXME: We shouldn't need to do the check on frame. 672 672 if (auto* frame = this->frame()) 673 request.updateReferrerOriginAndUserAgentHeaders(frame->loader(), document() ? document()->referrerPolicy() : ReferrerPolicy:: Default);673 request.updateReferrerOriginAndUserAgentHeaders(frame->loader(), document() ? document()->referrerPolicy() : ReferrerPolicy::NoReferrerWhenDowngrade); 674 674 } 675 675 -
trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp
r213126 r220208 233 233 } 234 234 235 // FIXME: Refactor SecurityPolicy::generateReferrerHeader to align with new terminology used in https://w3c.github.io/webappsec-referrer-policy.236 235 switch (m_options.referrerPolicy) { 237 case FetchOptions::ReferrerPolicy::EmptyString: {236 case ReferrerPolicy::EmptyString: 238 237 outgoingReferrer = SecurityPolicy::generateReferrerHeader(defaultPolicy, m_resourceRequest.url(), outgoingReferrer); 239 break; } 240 case FetchOptions::ReferrerPolicy::NoReferrerWhenDowngrade: 241 outgoingReferrer = SecurityPolicy::generateReferrerHeader(ReferrerPolicy::Default, m_resourceRequest.url(), outgoingReferrer); 242 break; 243 case FetchOptions::ReferrerPolicy::NoReferrer: 244 outgoingReferrer = String(); 245 break; 246 case FetchOptions::ReferrerPolicy::Origin: 247 outgoingReferrer = SecurityPolicy::generateReferrerHeader(ReferrerPolicy::Origin, m_resourceRequest.url(), outgoingReferrer); 248 break; 249 case FetchOptions::ReferrerPolicy::OriginWhenCrossOrigin: 250 if (isRequestCrossOrigin(m_origin.get(), m_resourceRequest.url(), m_options)) 251 outgoingReferrer = SecurityPolicy::generateReferrerHeader(ReferrerPolicy::Origin, m_resourceRequest.url(), outgoingReferrer); 252 break; 253 case FetchOptions::ReferrerPolicy::UnsafeUrl: 238 break; 239 default: 240 outgoingReferrer = SecurityPolicy::generateReferrerHeader(m_options.referrerPolicy, m_resourceRequest.url(), outgoingReferrer); 254 241 break; 255 242 }; -
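Review bot: The removed OriginWhenCrossOrigin case decided cross-origin with isRequestCrossOrigin(m_origin.get(), m_resourceRequest.url(), m_options), whereas the new default: branch hands the decision to SecurityPolicy::generateReferrerHeader(), which in this change builds the origin from the referrer string with SecurityOrigin::createFromString(referrer). Those two tests can disagree when the request's origin and the referrer's origin differ, so this is a behaviour change and not only a refactor; call it out in the ChangeLog and cover it with a test. Minor: with only EmptyString handled explicitly, default: hides any enumerator added later from the compiler's switch warning; an if/else on EmptyString would read the same and avoid that.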
trunk/Source/WebCore/page/SecurityPolicy.cpp
r204466 r220208 68 68 } 69 69 70 static String referrerToOriginString(const String& referrer) 71 { 72 String originString = SecurityOrigin::createFromString(referrer)->toString(); 73 if (originString == "null") 74 return String(); 75 // A security origin is not a canonical URL as it lacks a path. Add / 76 // to turn it into a canonical URL we can use as referrer. 77 return originString + "/"; 78 } 79 70 80 String SecurityPolicy::generateReferrerHeader(ReferrerPolicy referrerPolicy, const URL& url, const String& referrer) 71 81 { … … 79 89 80 90 switch (referrerPolicy) { 81 case ReferrerPolicy::Never: 82 return String(); 83 case ReferrerPolicy::Always: 91 case ReferrerPolicy::EmptyString: 92 ASSERT_NOT_REACHED(); 93 break; 94 case ReferrerPolicy::NoReferrer: 95 return String(); 96 case ReferrerPolicy::NoReferrerWhenDowngrade: 97 break; 98 case ReferrerPolicy::SameOrigin: { 99 auto origin = SecurityOrigin::createFromString(referrer); 100 if (!origin->canRequest(url)) 101 return String(); 102 break; 103 } 104 case ReferrerPolicy::Origin: 105 return referrerToOriginString(referrer); 106 case ReferrerPolicy::StrictOrigin: 107 if (shouldHideReferrer(url, referrer)) 108 return String(); 109 return referrerToOriginString(referrer); 110 case ReferrerPolicy::OriginWhenCrossOrigin: { 111 auto origin = SecurityOrigin::createFromString(referrer); 112 if (!origin->canRequest(url)) 113 return referrerToOriginString(referrer); 114 break; 115 } 116 case ReferrerPolicy::StrictOriginWhenCrossOrigin: { 117 auto origin = SecurityOrigin::createFromString(referrer); 118 if (!origin->canRequest(url)) { 119 if (shouldHideReferrer(url, referrer)) 120 return String(); 121 return referrerToOriginString(referrer); 122 } 123 break; 124 } 125 case ReferrerPolicy::UnsafeUrl: 84 126 return referrer; 85 case ReferrerPolicy::Origin: {86 String origin = SecurityOrigin::createFromString(referrer)->toString();87 if (origin == "null")88 return String();89 // A security origin is not a canonical URL as 
it lacks a path. Add /90 // to turn it into a canonical URL we can use as referrer.91 return origin + "/";92 }93 case ReferrerPolicy::Default:94 break;95 127 } 96 128 -
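Review bot: In generateReferrerHeader the EmptyString case is ASSERT_NOT_REACHED() followed by break, so a build without assertions leaves the switch by the same route as NoReferrerWhenDowngrade. If that is the intended fallback, say so in a comment at that case; if not, return String() there so an unresolved policy fails closed. Separately, SameOrigin, OriginWhenCrossOrigin and StrictOriginWhenCrossOrigin each repeat SecurityOrigin::createFromString(referrer) followed by !origin->canRequest(url); a static helper next to referrerToOriginString() would name canRequest() as the same-origin test being relied on and keep the three cases from drifting apart.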
trunk/Source/WebCore/page/SecurityPolicy.h
r200361 r220208 29 29 #pragma once 30 30 31 #include " ReferrerPolicy.h"31 #include "FetchOptions.h" 32 32 #include <wtf/text/WTFString.h> 33 33 -
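Review bot: Replacing #include "ReferrerPolicy.h" with #include "FetchOptions.h" widens this header's dependencies, and the FetchOptions.h hunk in this same change already includes ReferrerPolicy.h, so the type arrives only indirectly. If SecurityPolicy.h needs nothing from FetchOptions beyond ReferrerPolicy, keep the direct include; otherwise add a short comment naming what it uses from FetchOptions.h.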
trunk/Source/WebCore/platform/ReferrerPolicy.h
r200361 r220208 1 1 /* 2 2 * Copyright (C) 2012 Google Inc. All rights reserved. 3 * Copyright (C) 2017 Apple Inc. All rights reserved. 3 4 * 4 5 * Redistribution and use in source and binary forms, with or without … … 34 35 namespace WebCore { 35 36 36 // The following is needed to compile on GTK because of a macro defined in X11.h.37 // FIXME: Move this workaround to a global location, perhaps config.h; maybe a GTK-specific location.38 #undef Always39 40 // FIXME: Merge this with FetchOptions::ReferrerPolicy, which is the one defined in the Fetch specification.41 37 enum class ReferrerPolicy { 42 Always,43 Default,44 N ever,45 // Same as Always, except that only the origin of the referring URL is sent.38 EmptyString, 39 NoReferrer, 40 NoReferrerWhenDowngrade, 41 SameOrigin, 46 42 Origin, 43 StrictOrigin, 44 OriginWhenCrossOrigin, 45 StrictOriginWhenCrossOrigin, 46 UnsafeUrl 47 47 }; 48 48 -
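Review bot: The merged enum loses its only explanatory comment and gains EmptyString without saying where that value is valid. Elsewhere in this change Document::m_referrerPolicy defaults to NoReferrerWhenDowngrade, processReferrerPolicy never stores EmptyString, and generateReferrerHeader asserts when it sees it, so it looks like a Fetch-only "not specified" value. Add a one-line comment on EmptyString stating that, and a link to the specification above the enum as the FetchReferrerPolicy.idl hunk does.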
trunk/Source/WebKit/ChangeLog
r220185 r220208 1 2017-08-03 Chris Dumez <cdumez@apple.com> 2 3 Improve our support for referrer policies 4 https://bugs.webkit.org/show_bug.cgi?id=175069 5 <rdar://problem/33677313> 6 7 Reviewed by Darin Adler. 8 9 * WebProcess/Network/WebLoaderStrategy.cpp: 10 (WebKit::WebLoaderStrategy::loadResource): 11 (WebKit::WebLoaderStrategy::schedulePluginStreamLoad): 12 1 13 2017-08-02 Chris Dumez <cdumez@apple.com> 2 14 -
trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp
r219702 r220208 86 86 RefPtr<SubresourceLoader> loader = SubresourceLoader::create(frame, resource, request, options); 87 87 if (loader) 88 scheduleLoad(*loader, &resource, frame.document()->referrerPolicy() == ReferrerPolicy:: Default);88 scheduleLoad(*loader, &resource, frame.document()->referrerPolicy() == ReferrerPolicy::NoReferrerWhenDowngrade); 89 89 else 90 90 RELEASE_LOG_IF_ALLOWED(frame, "loadResource: Unable to create SubresourceLoader (frame = %p", &frame); … … 96 96 RefPtr<NetscapePlugInStreamLoader> loader = NetscapePlugInStreamLoader::create(frame, client, request); 97 97 if (loader) 98 scheduleLoad(*loader, 0, frame.document()->referrerPolicy() == ReferrerPolicy:: Default);98 scheduleLoad(*loader, 0, frame.document()->referrerPolicy() == ReferrerPolicy::NoReferrerWhenDowngrade); 99 99 return loader; 100 100 }
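Review bot: Both scheduleLoad() calls here, and the return statement in FrameNetworkingContext.h, still pass referrerPolicy() == ReferrerPolicy::NoReferrerWhenDowngrade, which was a mechanical rename of the old == ReferrerPolicy::Default test. The enum now also has StrictOrigin and StrictOriginWhenCrossOrigin, and SecurityPolicy::generateReferrerHeader in this change guards both of those with shouldHideReferrer() just as it treats downgrades. Check whether the consumer of this boolean should treat the two strict policies the same way as NoReferrerWhenDowngrade; if so, move the comparison into one named helper so the three call sites cannot diverge.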