DevTools: override referrer policy for the request if referer header is overriden

Bug: 787173 Change-Id: Ia5d9aec2b96b5cfbfb25ff71d3a436a3575c16fd Reviewed-on: https://chromium-review.googlesource.com/782141Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Commit-Queue: Andrey Kosyakov <caseq@chromium.org> Cr-Commit-Position: refs/heads/master@{#518362}

DevTools: override referrer policy for the request if referer header is overriden
Bug: 787173 Change-Id: Ia5d9aec2b96b5cfbfb25ff71d3a436a3575c16fd Reviewed-on: https://chromium-review.googlesource.com/782141Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Commit-Queue: Andrey Kosyakov <caseq@chromium.org> Cr-Commit-Position: refs/heads/master@{#518362}
2d9ed3b5 · Andrey Kosyakov · Commit Bot · c966a7a7 · 2d9ed3b5 · 2d9ed3b5
Commit 2d9ed3b5 authored Nov 21, 2017 by Andrey Kosyakov Committed by Commit Bot Nov 21, 2017
3 changed files
--- a/third_party/WebKit/LayoutTests/http/tests/inspector-protocol/network/override-referer-with-downgrade-expected.txt
+++ b/third_party/WebKit/LayoutTests/http/tests/inspector-protocol/network/override-referer-with-downgrade-expected.txt
+Tests that Referer header can be overriden even when it would violate referrer policy
+Referer header: HTTP_REFERER: https://127.0.0.1:8000/
--- a/third_party/WebKit/LayoutTests/http/tests/inspector-protocol/network/override-referer-with-downgrade.js
+++ b/third_party/WebKit/LayoutTests/http/tests/inspector-protocol/network/override-referer-with-downgrade.js
+(async function(testRunner) {
+  var {page, session, dp} = await testRunner.startURL(
+      'resources/test-page.html',
+      'Tests that Referer header can be overriden even when it would violate referrer policy');
+  dp.Network.enable();
+  await dp.Network.setExtraHTTPHeaders({headers: {'ReFeReR': 'https://127.0.0.1:8000/'}});
+  session.evaluate(`fetch('${testRunner.url('./resources/echo-headers.php?headers=HTTP_REFERER')}')`);
+  var response = (await dp.Network.onceLoadingFinished()).params;
+  var content = await dp.Network.getResponseBody({requestId: response.requestId});
+  testRunner.log(`Referer header: ${content.result.body}`);
+  testRunner.completeTest();
+})
--- a/third_party/WebKit/Source/core/inspector/InspectorNetworkAgent.cpp
+++ b/third_party/WebKit/Source/core/inspector/InspectorNetworkAgent.cpp
@@ -699,10 +699,16 @@ void InspectorNetworkAgent::WillSendRequest(
  if (headers) {
    for (size_t i = 0; i < headers->size(); ++i) {
      auto header = headers->at(i);
+      AtomicString header_name = AtomicString(header.first);
      String value;
-      if (header.second->asString(&value))
+      if (!header.second->asString(&value))
-        request.SetHTTPHeaderField(AtomicString(header.first),
+        continue;
-                                   AtomicString(value));
+      // When overriding referer, also override referrer policy
+      // for this request to assure the request will be allowed.
+      if (header_name.LowerASCII() == HTTPNames::Referer.LowerASCII())
+        request.SetHTTPReferrer(Referrer(value, kReferrerPolicyAlways));
+      else
+        request.SetHTTPHeaderField(header_name, AtomicString(value));
    }
  }