servo: Merge #11978 - Add "origin" and "same-origin" referrer policies, replacing "origin-only" (from aravind-pg:new-referrer-pols); r=jdm
authorAravind Gollakota <aravindprasant@gmail.com>
Tue, 12 Jul 2016 13:44:33 -0700
changeset 339275 b3c359d819abbd4ad662fbdc67406224851509aa
parent 339274 008f21a1af9b8837d429dc97c4fca9b0d03294dc
child 339276 40a5a9a1f0832cebfe70a947f767216bf4f96b75
push id31307
push usergszorc@mozilla.com
push dateSat, 04 Feb 2017 00:59:06 +0000
treeherdermozilla-central@94079d43835f [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjdm
servo: Merge #11978 - Add "origin" and "same-origin" referrer policies, replacing "origin-only" (from aravind-pg:new-referrer-pols); r=jdm <!-- Please describe your changes on the following line: --> --- <!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `__` with appropriate data: --> - [X] `./mach build -d` does not report any errors - [X] `./mach test-tidy` does not report any errors - [X] These changes fix #11384 - [X] There are tests for these changes <!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. --> Source-Repo: https://github.com/servo/servo Source-Revision: 37dbb502089a4b05eaaa53764a7f37cfe19523c9
servo/components/msg/constellation_msg.rs
servo/components/net/http_loader.rs
servo/components/script/dom/document.rs
servo/tests/unit/net/http_loader.rs
--- a/servo/components/msg/constellation_msg.rs
+++ b/servo/components/msg/constellation_msg.rs
@@ -328,12 +328,13 @@ pub enum FrameType {
 }
 
 /// [Policies](https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-states)
 /// for providing a referrer header for a request
 #[derive(Clone, Copy, Debug, Deserialize, HeapSizeOf, Serialize)]
 pub enum ReferrerPolicy {
     NoReferrer,
     NoRefWhenDowngrade,
-    OriginOnly,
+    Origin,
+    SameOrigin,
     OriginWhenCrossOrigin,
     UnsafeUrl,
 }
--- a/servo/components/net/http_loader.rs
+++ b/servo/components/net/http_loader.rs
@@ -453,17 +453,18 @@ pub fn determine_request_referrer(header
                                   referrer_url: Option<Url>,
                                   url: Url) -> Option<Url> {
     //TODO - algorithm step 2 not addressed
     assert!(!headers.has::<Referer>());
     if let Some(ref_url) = referrer_url {
         let cross_origin = ref_url.origin() != url.origin();
         return match referrer_policy {
             Some(ReferrerPolicy::NoReferrer) => None,
-            Some(ReferrerPolicy::OriginOnly) => strip_url(ref_url, true),
+            Some(ReferrerPolicy::Origin) => strip_url(ref_url, true),
+            Some(ReferrerPolicy::SameOrigin) => if cross_origin { None } else { strip_url(ref_url, false) },
             Some(ReferrerPolicy::UnsafeUrl) => strip_url(ref_url, false),
             Some(ReferrerPolicy::OriginWhenCrossOrigin) => strip_url(ref_url, cross_origin),
             Some(ReferrerPolicy::NoRefWhenDowngrade) | None => no_ref_when_downgrade_header(ref_url, url),
         };
     }
     return None;
 }
 
--- a/servo/components/script/dom/document.rs
+++ b/servo/components/script/dom/document.rs
@@ -2827,17 +2827,18 @@ fn update_with_current_time_ms(marker: &
 }
 
 /// https://w3c.github.io/webappsec-referrer-policy/#determine-policy-for-token
 pub fn determine_policy_for_token(token: &str) -> Option<ReferrerPolicy> {
     let lower = token.to_lowercase();
     return match lower.as_ref() {
         "never" | "no-referrer" => Some(ReferrerPolicy::NoReferrer),
         "default" | "no-referrer-when-downgrade" => Some(ReferrerPolicy::NoRefWhenDowngrade),
-        "origin" => Some(ReferrerPolicy::OriginOnly),
+        "origin" => Some(ReferrerPolicy::Origin),
+        "same-origin" => Some(ReferrerPolicy::SameOrigin),
         "origin-when-cross-origin" => Some(ReferrerPolicy::OriginWhenCrossOrigin),
         "always" | "unsafe-url" => Some(ReferrerPolicy::UnsafeUrl),
         "" => Some(ReferrerPolicy::NoReferrer),
         _ => None,
     }
 }
 
 pub struct DocumentProgressHandler {
--- a/servo/tests/unit/net/http_loader.rs
+++ b/servo/tests/unit/net/http_loader.rs
@@ -1621,31 +1621,60 @@ fn assert_referer_header_not_included(or
         &load_data.clone(), &ui_provider, &http_state, None,
         &AssertMustNotIncludeHeadersRequestFactory {
             headers_not_expected: vec!["Referer".to_owned()],
             body: <[_]>::to_vec(&[])
         }, DEFAULT_USER_AGENT.to_owned(), &CancellationListener::new(None));
 }
 
 #[test]
-fn test_referer_set_to_origin_with_originonly_policy() {
+fn test_referer_set_to_origin_with_origin_policy() {
     let request_url = "http://mozilla.com";
     let referrer_url = "http://username:password@someurl.com/some/path#fragment";
-    let referrer_policy = Some(ReferrerPolicy::OriginOnly);
+    let referrer_policy = Some(ReferrerPolicy::Origin);
     let expected_referrer = "http://someurl.com/";
 
     let origin_info = LoadOriginInfo {
         referrer_url: referrer_url,
         referrer_policy: referrer_policy
     };
 
     assert_referer_header_matches(&origin_info, request_url, expected_referrer);
 }
 
 #[test]
+fn test_referer_set_to_ref_url_with_sameorigin_policy_same_orig() {
+    let request_url = "http://mozilla.com";
+    let referrer_url = "http://username:password@mozilla.com/some/path#fragment";
+    let referrer_policy = Some(ReferrerPolicy::SameOrigin);
+    let expected_referrer = "http://mozilla.com/some/path";
+
+    let origin_info = LoadOriginInfo {
+        referrer_url: referrer_url,
+        referrer_policy: referrer_policy
+    };
+
+    assert_referer_header_matches(&origin_info, request_url, expected_referrer);
+}
+
+#[test]
+fn test_no_referer_set_with_sameorigin_policy_cross_orig() {
+    let request_url = "http://mozilla.com";
+    let referrer_url = "http://username:password@someurl.com/some/path#fragment";
+    let referrer_policy = Some(ReferrerPolicy::SameOrigin);
+
+    let origin_info = LoadOriginInfo {
+        referrer_url: referrer_url,
+        referrer_policy: referrer_policy
+    };
+
+    assert_referer_header_not_included(&origin_info, request_url);
+}
+
+#[test]
 fn test_referer_set_to_stripped_url_with_unsafeurl_policy() {
     let request_url = "http://mozilla.com";
     let referrer_url = "http://username:password@someurl.com/some/path#fragment";
     let referrer_policy = Some(ReferrerPolicy::UnsafeUrl);
     let expected_referrer = "http://someurl.com/some/path";
     let origin_info = LoadOriginInfo {
         referrer_url: referrer_url,
         referrer_policy: referrer_policy