    Re-compute referrer for navigation requests that CSP upgrades · 1faf74d9
    Dominic Farolino authored
    We're seeing a spike of DumpWithoutCrashes() from
    NetworkServiceNetworkDelegate in crbug.com/1090391. This indicates a
    request's referrer violates its policy.
    
    From debugging Windows minidumps, I found that all or most of the DWCs
    are coming from the following scenario:
     - A site is loaded over HTTP and is not upgraded
     - It is sent with the following Response Headers:
         - Content-Security-Policy: `upgrade-insecure-requests`
         - Referrer-Policy:         `origin-when-cross-origin`
     - All subresource requests on the page are requested as relative URLs,
       which are necessarily upgraded to HTTPS
     - These upgraded URLs are of course cross-origin with the HTTP main
       resource, so their referrer is restricted to the origin.
     - However, for iframe navigations, the browser process upgrades the
       request to HTTPS, but does not re-compute the referrer.
    
    This CL fixes that, and adds two tests:
     - HTTP page with origin-when-cross-origin policy requesting an
       upgraded iframe
        - Assert that the `Referer` is correctly redacted
     - HTTPS page requests an HTTP iframe that gets upgraded to HTTPS to be
       same-origin
        - Assert that the `Referer` is not redacted
    
    R=jochen@chromium.org,kinuko@chromium.org
    
    Bug: 1090391, 1093160
    Change-Id: Ib4e0da6e68850ae478020643d4c0fabca4e87e30
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2236900
    Commit-Queue: Dominic Farolino <dom@chromium.org>
    Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#776818}
navigation_request.cc 192 KB
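
The scenario in the commit message above, as an added example that is not part of the Chromium change: a simplified model of `origin-when-cross-origin` showing why a referrer computed before the `upgrade-insecure-requests` rewrite no longer matches the policy afterward. All function names, the `site.test` URLs and the string-based origin comparison (no default-port, fragment or credential handling) are assumptions made for illustration.

```cpp
#include <iostream>
#include <string>

// Simplified origin "scheme://host[:port]"; assumes absolute http(s) URLs.
static std::string OriginOf(const std::string& url) {
  size_t host_start = url.find("://") + 3;
  return url.substr(0, url.find('/', host_start));
}

// origin-when-cross-origin: full URL when same-origin, otherwise origin only.
std::string ComputeReferrer(const std::string& initiator, const std::string& target) {
  if (OriginOf(initiator) == OriginOf(target)) return initiator;
  return OriginOf(initiator) + "/";
}

// Models the upgrade-insecure-requests rewrite of the request URL.
std::string UpgradeInsecure(const std::string& url) {
  return url.rfind("http://", 0) == 0 ? "https://" + url.substr(7) : url;
}

struct Request { std::string url, referrer; };

// Flow described as buggy: referrer is computed for the pre-upgrade URL and kept.
Request NavigateStale(const std::string& initiator, const std::string& target) {
  Request r{target, ComputeReferrer(initiator, target)};
  r.url = UpgradeInsecure(r.url);
  return r;
}

// Flow after the fix: referrer is re-computed against the upgraded URL.
Request NavigateRecomputed(const std::string& initiator, const std::string& target) {
  Request r = NavigateStale(initiator, target);
  r.referrer = ComputeReferrer(initiator, r.url);
  return r;
}

// Consistency check on the final request, in the spirit of the delegate's check.
bool ReferrerMatchesPolicy(const std::string& initiator, const Request& r) {
  return r.referrer == ComputeReferrer(initiator, r.url);
}

int main() {
  const std::string page = "http://site.test/page.html";     // constructed sample
  const std::string frame = "http://site.test/frame.html";   // constructed sample
  Request stale = NavigateStale(page, frame), fixed = NavigateRecomputed(page, frame);
  std::cout << "stale: " << stale.referrer << " ok=" << ReferrerMatchesPolicy(page, stale) << "\n"
            << "fixed: " << fixed.referrer << " ok=" << ReferrerMatchesPolicy(page, fixed) << "\n";
}
```
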