Hook up EnableReferrers pref to NetworkContexts.

The causes the parameter to work when the network service is enabled. This CL disables referrers for Safe Browsing requests when the network service is enabled - none of the requests use referrers, so it seems like hooking up the kEnableReferrers pref to that NetworkContext is more effort than it's worth. Never send it rather than always send it just to make sure we respect the user's preference, when referrers are disabled. Bug: 838906 Cq-Include-Trybots: luci.chromium.try:linux_mojo Change-Id: I8c9d8350bfce99e1140900f5dbcbda9eb0cc9718 Reviewed-on: https://chromium-review.googlesource.com/1087570 Commit-Queue: Matt Menke <mmenke@chromium.org> Reviewed-by: Varun Khaneja <vakh@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: Dominic Battré <battre@chromium.org> Reviewed-by: Maks Orlovich <morlovich@chromium.org> Cr-Commit-Position: refs/heads/master@{#568172}

Hook up EnableReferrers pref to NetworkContexts.
The causes the parameter to work when the network service is enabled. This CL disables referrers for Safe Browsing requests when the network service is enabled - none of the requests use referrers, so it seems like hooking up the kEnableReferrers pref to that NetworkContext is more effort than it's worth. Never send it rather than always send it just to make sure we respect the user's preference, when referrers are disabled. Bug: 838906 Cq-Include-Trybots: luci.chromium.try:linux_mojo Change-Id: I8c9d8350bfce99e1140900f5dbcbda9eb0cc9718 Reviewed-on: https://chromium-review.googlesource.com/1087570 Commit-Queue: Matt Menke <mmenke@chromium.org> Reviewed-by: Varun Khaneja <vakh@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: Dominic Battré <battre@chromium.org> Reviewed-by: Maks Orlovich <morlovich@chromium.org> Cr-Commit-Position: refs/heads/master@{#568172}
b63ff0d9 · Matt Menke · Commit Bot · bb3a6f95 · b63ff0d9 · b63ff0d9
Commit b63ff0d9 authored Jun 18, 2018 by Matt Menke Committed by Commit Bot Jun 18, 2018
21 changed files
--- a/chrome/browser/extensions/api/web_request/web_request_api_unittest.cc
+++ b/chrome/browser/extensions/api/web_request/web_request_api_unittest.cc
@@ -229,10 +229,8 @@ class ExtensionWebRequestTest : public testing::Test {
  void SetUp() override {
    ASSERT_TRUE(profile_manager_.SetUp());
    ChromeNetworkDelegate::InitializePrefsOnUIThread(
-        &enable_referrers_, nullptr, nullptr, nullptr,
-        profile_.GetTestingPrefService());
-    network_delegate_.reset(
-        new ChromeNetworkDelegate(event_router_.get(), &enable_referrers_));
+        nullptr, nullptr, nullptr, profile_.GetTestingPrefService());
+    network_delegate_.reset(new ChromeNetworkDelegate(event_router_.get()));
    network_delegate_->set_profile(&profile_);
    network_delegate_->set_cookie_settings(
        CookieSettingsFactory::GetForProfile(&profile_).get());
@@ -252,7 +250,6 @@ class ExtensionWebRequestTest : public testing::Test {
  TestingProfile profile_;
  TestingProfileManager profile_manager_;
  net::TestDelegate delegate_;
-  BooleanPrefMember enable_referrers_;
  TestIPCSender ipc_sender_;
  scoped_refptr<EventRouterForwarder> event_router_;
  std::unique_ptr<ChromeNetworkDelegate> network_delegate_;
@@ -1125,10 +1122,8 @@ class ExtensionWebRequestHeaderModificationTest
  void SetUp() override {
    ASSERT_TRUE(profile_manager_.SetUp());
    ChromeNetworkDelegate::InitializePrefsOnUIThread(
-        &enable_referrers_, nullptr, nullptr, nullptr,
-        profile_.GetTestingPrefService());
-    network_delegate_.reset(
-        new ChromeNetworkDelegate(event_router_.get(), &enable_referrers_));
+        nullptr, nullptr, nullptr, profile_.GetTestingPrefService());
+    network_delegate_.reset(new ChromeNetworkDelegate(event_router_.get()));
    network_delegate_->set_profile(&profile_);
    network_delegate_->set_cookie_settings(
        CookieSettingsFactory::GetForProfile(&profile_).get());
@@ -1144,7 +1139,6 @@ class ExtensionWebRequestHeaderModificationTest
  TestingProfile profile_;
  TestingProfileManager profile_manager_;
  net::TestDelegate delegate_;
-  BooleanPrefMember enable_referrers_;
  TestIPCSender ipc_sender_;
  scoped_refptr<EventRouterForwarder> event_router_;
  std::unique_ptr<ChromeNetworkDelegate> network_delegate_;

--- a/chrome/browser/io_thread.cc
+++ b/chrome/browser/io_thread.cc
@@ -290,7 +290,6 @@ IOThread::IOThread(
  scoped_refptr<base::SingleThreadTaskRunner> io_thread_proxy =
      BrowserThread::GetTaskRunnerForThread(BrowserThread::IO);
  ChromeNetworkDelegate::InitializePrefsOnUIThread(
-      &system_enable_referrers_,
      nullptr,
      nullptr,
      nullptr,
@@ -417,7 +416,6 @@ void IOThread::CleanUp() {

 // static
 void IOThread::RegisterPrefs(PrefRegistrySimple* registry) {
-  registry->RegisterBooleanPref(prefs::kEnableReferrers, true);
  data_reduction_proxy::RegisterPrefs(registry);
 }

@@ -468,7 +466,7 @@ void IOThread::ConstructSystemRequestContext() {
        std::make_unique<network::URLRequestContextBuilderMojo>();

    auto chrome_network_delegate = std::make_unique<ChromeNetworkDelegate>(
-        extension_event_router_forwarder(), &system_enable_referrers_);
+        extension_event_router_forwarder());
    // By default, data usage is considered off the record.
    chrome_network_delegate->set_data_use_aggregator(
        globals_->data_use_aggregator.get(),

--- a/chrome/browser/io_thread.h
+++ b/chrome/browser/io_thread.h
@@ -26,7 +26,6 @@
 #include "chrome/browser/net/system_network_context_manager.h"
 #include "chrome/common/buildflags.h"
 #include "components/metrics/data_use_tracker.h"
-#include "components/prefs/pref_member.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/browser_thread_delegate.h"
 #include "extensions/buildflags/buildflags.h"
@@ -215,8 +214,6 @@ class IOThread : public content::BrowserThreadDelegate {

  Globals* globals_;

-  BooleanPrefMember system_enable_referrers_;
-
  // These are set on the UI thread, and then consumed during initialization on
  // the IO thread.
  network::mojom::NetworkContextRequest network_context_request_;

--- a/chrome/browser/net/chrome_network_delegate.cc
+++ b/chrome/browser/net/chrome_network_delegate.cc
@@ -199,12 +199,10 @@ bool IsAccessAllowedInternal(const base::FilePath& path,
 }  // namespace

 ChromeNetworkDelegate::ChromeNetworkDelegate(
-    extensions::EventRouterForwarder* event_router,
-    BooleanPrefMember* enable_referrers)
+    extensions::EventRouterForwarder* event_router)
    : extensions_delegate_(
          ChromeExtensionsNetworkDelegate::Create(event_router)),
      profile_(nullptr),
-      enable_referrers_(enable_referrers),
      force_google_safe_search_(nullptr),
      force_youtube_restrict_(nullptr),
      allowed_domains_for_apps_(nullptr),
@@ -212,9 +210,7 @@ ChromeNetworkDelegate::ChromeNetworkDelegate(
          base::CommandLine::ForCurrentProcess()->HasSwitch(
              switches::kEnableExperimentalWebPlatformFeatures)),
      data_use_aggregator_(nullptr),
-      is_data_usage_off_the_record_(true) {
-  DCHECK(enable_referrers);
-}
+      is_data_usage_off_the_record_(true) {}

 ChromeNetworkDelegate::~ChromeNetworkDelegate() {}

@@ -242,15 +238,11 @@ void ChromeNetworkDelegate::set_data_use_aggregator(

 // static
 void ChromeNetworkDelegate::InitializePrefsOnUIThread(
-    BooleanPrefMember* enable_referrers,
    BooleanPrefMember* force_google_safe_search,
    IntegerPrefMember* force_youtube_restrict,
    StringPrefMember* allowed_domains_for_apps,
    PrefService* pref_service) {
  DCHECK_CURRENTLY_ON(BrowserThread::UI);
-  enable_referrers->Init(prefs::kEnableReferrers, pref_service);
-  enable_referrers->MoveToThread(
-      BrowserThread::GetTaskRunnerForThread(BrowserThread::IO));
  if (force_google_safe_search) {
    force_google_safe_search->Init(prefs::kForceGoogleSafeSearch, pref_service);
    force_google_safe_search->MoveToThread(
@@ -274,9 +266,6 @@ int ChromeNetworkDelegate::OnBeforeURLRequest(
    GURL* new_url) {
  extensions_delegate_->ForwardStartRequestStatus(request);

-  if (!enable_referrers_->GetValue())
-    request->SetReferrer(std::string());
-
  bool force_safe_search =
      (force_google_safe_search_ && force_google_safe_search_->GetValue());


--- a/chrome/browser/net/chrome_network_delegate.h
+++ b/chrome/browser/net/chrome_network_delegate.h
@@ -55,11 +55,11 @@ class URLRequest;
 // add hooks into the network stack.
 class ChromeNetworkDelegate : public net::NetworkDelegateImpl {
 public:
-  // |enable_referrers| (and all of the other optional PrefMembers) should be
-  // initialized on the UI thread (see below) beforehand. This object's owner is
-  // responsible for cleaning them up at shutdown.
-  ChromeNetworkDelegate(extensions::EventRouterForwarder* event_router,
-                        BooleanPrefMember* enable_referrers);
+  // All optional PrefMembers should be initialized on the UI thread (see below)
+  // before first use. This object's owner is responsible for cleaning them up
+  // at shutdown.
+  explicit ChromeNetworkDelegate(
+      extensions::EventRouterForwarder* event_router);
  ~ChromeNetworkDelegate() override;

  // Pass through to ChromeExtensionsNetworkDelegate::set_extension_info_map().
@@ -122,10 +122,9 @@ class ChromeNetworkDelegate : public net::NetworkDelegateImpl {
      bool is_data_usage_off_the_record);

  // Binds the pref members to |pref_service| and moves them to the IO thread.
-  // |enable_referrers| cannot be nullptr, the others can.
-  // This method should be called on the UI thread.
+  // All arguments can be nullptr. This method should be called on the UI
+  // thread.
  static void InitializePrefsOnUIThread(
-      BooleanPrefMember* enable_referrers,
      BooleanPrefMember* force_google_safe_search,
      IntegerPrefMember* force_youtube_restrict,
      StringPrefMember* allowed_domains_for_apps,
@@ -217,7 +216,6 @@ class ChromeNetworkDelegate : public net::NetworkDelegateImpl {
  scoped_refptr<content_settings::CookieSettings> cookie_settings_;

  // Weak, owned by our owner.
-  BooleanPrefMember* enable_referrers_;
  BooleanPrefMember* force_google_safe_search_;
  IntegerPrefMember* force_youtube_restrict_;
  StringPrefMember* allowed_domains_for_apps_;

--- a/chrome/browser/net/chrome_network_delegate_unittest.cc
+++ b/chrome/browser/net/chrome_network_delegate_unittest.cc
@@ -151,16 +151,14 @@ class ChromeNetworkDelegateTest : public testing::Test {

  void SetUp() override {
    ChromeNetworkDelegate::InitializePrefsOnUIThread(
-        &enable_referrers_, nullptr, nullptr, nullptr,
-        profile_.GetTestingPrefService());
+        nullptr, nullptr, nullptr, profile_.GetTestingPrefService());
    profile_manager_.reset(
        new TestingProfileManager(TestingBrowserProcess::GetGlobal()));
    ASSERT_TRUE(profile_manager_->SetUp());
  }

  virtual void Initialize() {
-    network_delegate_.reset(
-        new ChromeNetworkDelegate(forwarder(), &enable_referrers_));
+    network_delegate_.reset(new ChromeNetworkDelegate(forwarder()));
    context_->set_client_socket_factory(&socket_factory_);
    context_->set_network_delegate(network_delegate_.get());
    context_->Init();
@@ -189,7 +187,6 @@ class ChromeNetworkDelegateTest : public testing::Test {
  scoped_refptr<extensions::EventRouterForwarder> forwarder_;
 #endif
  TestingProfile profile_;
-  BooleanPrefMember enable_referrers_;
  std::unique_ptr<ChromeNetworkDelegate> network_delegate_;
  net::MockClientSocketFactory socket_factory_;
  std::unique_ptr<net::TestURLRequestContext> context_;
@@ -318,7 +315,6 @@ class ChromeNetworkDelegatePolicyTest : public testing::Test {
  scoped_refptr<extensions::EventRouterForwarder> forwarder_;
 #endif
  TestingProfile profile_;
-  BooleanPrefMember enable_referrers_;
  net::TestURLRequestContext context_;
  net::TestDelegate delegate_;
  DISALLOW_COPY_AND_ASSIGN(ChromeNetworkDelegatePolicyTest);
@@ -329,7 +325,6 @@ class ChromeNetworkDelegateSafeSearchTest :
 public:
  void SetUp() override {
    ChromeNetworkDelegate::InitializePrefsOnUIThread(
-        &enable_referrers_,
        &force_google_safe_search_,
        &force_youtube_restrict_,
        nullptr,
@@ -339,7 +334,7 @@ class ChromeNetworkDelegateSafeSearchTest :
 protected:
  std::unique_ptr<net::NetworkDelegate> CreateNetworkDelegate() {
    std::unique_ptr<ChromeNetworkDelegate> network_delegate(
-        new ChromeNetworkDelegate(forwarder(), &enable_referrers_));
+        new ChromeNetworkDelegate(forwarder()));
    network_delegate->set_force_google_safe_search(&force_google_safe_search_);
    network_delegate->set_force_youtube_restrict(&force_youtube_restrict_);
    return std::move(network_delegate);
@@ -400,7 +395,6 @@ class ChromeNetworkDelegateAllowedDomainsTest :

  void SetUp() override {
    ChromeNetworkDelegate::InitializePrefsOnUIThread(
-        &enable_referrers_,
        nullptr,
        nullptr,
        &allowed_domains_for_apps_,
@@ -410,7 +404,7 @@ class ChromeNetworkDelegateAllowedDomainsTest :
 protected:
  std::unique_ptr<net::NetworkDelegate> CreateNetworkDelegate() {
    std::unique_ptr<ChromeNetworkDelegate> network_delegate(
-        new ChromeNetworkDelegate(forwarder(), &enable_referrers_));
+        new ChromeNetworkDelegate(forwarder()));
    network_delegate->set_allowed_domains_for_apps(&allowed_domains_for_apps_);
    return std::move(network_delegate);
  }
@@ -497,14 +491,13 @@ class ChromeNetworkDelegatePrivacyModeTest : public testing::Test {

  void SetUp() override {
    ChromeNetworkDelegate::InitializePrefsOnUIThread(
-        &enable_referrers_, nullptr, nullptr, nullptr,
-        profile_.GetTestingPrefService());
+        nullptr, nullptr, nullptr, profile_.GetTestingPrefService());
  }

 protected:
  std::unique_ptr<ChromeNetworkDelegate> CreateNetworkDelegate() {
    std::unique_ptr<ChromeNetworkDelegate> network_delegate(
-        new ChromeNetworkDelegate(forwarder(), &enable_referrers_));
+        new ChromeNetworkDelegate(forwarder()));
    network_delegate->set_cookie_settings(cookie_settings_);
    return network_delegate;
  }
@@ -529,7 +522,6 @@ class ChromeNetworkDelegatePrivacyModeTest : public testing::Test {
 #endif
  TestingProfile profile_;
  content_settings::CookieSettings* cookie_settings_;
-  BooleanPrefMember enable_referrers_;
  std::unique_ptr<net::URLRequest> request_;
  net::TestURLRequestContext context_;
  net::NetworkDelegate* network_delegate_;

--- a/chrome/browser/net/default_network_context_params.cc
+++ b/chrome/browser/net/default_network_context_params.cc
@@ -39,6 +39,10 @@ network::mojom::NetworkContextParamsPtr CreateDefaultNetworkContextParams() {

  network_context_params->user_agent = GetUserAgent();

+  // Disable referrers by default. Any consumer that enables referrers should
+  // respect prefs::kEnableReferrers from the appropriate pref store.
+  network_context_params->enable_referrers = false;
+
  std::string quic_user_agent_id = chrome::GetChannelName();
  if (!quic_user_agent_id.empty())
    quic_user_agent_id.push_back(' ');

--- a/chrome/browser/net/network_context_configuration_browsertest.cc
+++ b/chrome/browser/net/network_context_configuration_browsertest.cc
@@ -65,6 +65,7 @@
 #include "services/network/public/mojom/url_loader_factory.mojom.h"
 #include "services/network/test/test_url_loader_client.h"
 #include "testing/gtest/include/gtest/gtest.h"
+#include "url/gurl.h"

 namespace {

@@ -230,29 +231,28 @@ class NetworkContextConfigurationBrowserTest
    return StorageType::kNone;
  }

-  // Sets the proxy preference on a PrefService based on the NetworkContextType,
-  // and waits for it to be applied.
-  void SetProxyPref(const net::HostPortPair& host_port_pair) {
-    // Get the correct PrefService.
-    PrefService* pref_service = nullptr;
+  // Returns the pref service with most prefs related to the NetworkContext
+  // being tested.
+  PrefService* GetPrefService() {
    switch (GetParam().network_context_type) {
      case NetworkContextType::kSystem:
      case NetworkContextType::kSafeBrowsing:
-        pref_service = g_browser_process->local_state();
-        break;
+        return g_browser_process->local_state();
      case NetworkContextType::kProfile:
-        pref_service = browser()->profile()->GetPrefs();
-        break;
+        return browser()->profile()->GetPrefs();
      case NetworkContextType::kIncognitoProfile:
-        // Incognito uses the non-incognito prefs.
-        pref_service =
-            browser()->profile()->GetOffTheRecordProfile()->GetPrefs();
-        break;
+        // Incognito actually uses the non-incognito prefs, so this should end
+        // up being the same pref store as in the KProfile case.
+        return browser()->profile()->GetOffTheRecordProfile()->GetPrefs();
    }
+  }

-    pref_service->Set(proxy_config::prefs::kProxy,
-                      *ProxyConfigDictionary::CreateFixedServers(
-                          host_port_pair.ToString(), std::string()));
+  // Sets the proxy preference on a PrefService based on the NetworkContextType,
+  // and waits for it to be applied.
+  void SetProxyPref(const net::HostPortPair& host_port_pair) {
+    GetPrefService()->Set(proxy_config::prefs::kProxy,
+                          *ProxyConfigDictionary::CreateFixedServers(
+                              host_port_pair.ToString(), std::string()));

    // Wait for the new ProxyConfig to be passed over the pipe. Needed because
    // Mojo doesn't guarantee ordering of events on different Mojo pipes, and
@@ -328,10 +328,16 @@ class NetworkContextConfigurationBrowserTest
    controllable_http_response_->WaitForRequest();
  }

+  // Sends a request to the test server's echoheader URL and sets
+  // |header_value_out| to the value of the specified response header. Returns
+  // false if the request fails. If non-null, uses |request| to make the
+  // request, after setting its |url| value.
  bool FetchHeaderEcho(const std::string& header_name,
-                       std::string* header_value_out) {
-    std::unique_ptr<network::ResourceRequest> request =
-        std::make_unique<network::ResourceRequest>();
+                       std::string* header_value_out,
+                       std::unique_ptr<network::ResourceRequest> request =
+                           nullptr) WARN_UNUSED_RESULT {
+    if (!request)
+      request = std::make_unique<network::ResourceRequest>();
    request->url = embedded_test_server()->GetURL(
        base::StrCat({"/echoheader?", header_name}));
    content::SimpleURLLoaderTestHelper simple_loader_helper;
@@ -879,6 +885,66 @@ IN_PROC_BROWSER_TEST_P(NetworkContextConfigurationBrowserTest,
  EXPECT_EQ(::GetUserAgent(), user_agent3);
 }

+// First part of testing enable referrers. Check that referrers are enabled by
+// default at browser start, and referrers are indeed sent. Then disable
+// referrers, and make sure that they aren't set.
+IN_PROC_BROWSER_TEST_P(NetworkContextConfigurationBrowserTest,
+                       PRE_EnableReferrers) {
+  const GURL kReferrer("http://referrer/");
+
+  // Referrers should be enabled by default.
+  EXPECT_TRUE(GetPrefService()->GetBoolean(prefs::kEnableReferrers));
+
+  // Send a request, make sure the referrer is sent.
+  std::string referrer;
+  std::unique_ptr<network::ResourceRequest> request =
+      std::make_unique<network::ResourceRequest>();
+  request->referrer = kReferrer;
+  ASSERT_TRUE(FetchHeaderEcho("referer", &referrer, std::move(request)));
+
+  // SafeBrowsing never sends the referrer when then network service is enabled,
+  // since it doesn't need to. When the network service is disabled, it matches
+  // the behavior of the system NetworkContext, since it shares internals.
+  if (GetParam().network_context_type == NetworkContextType::kSafeBrowsing &&
+      base::FeatureList::IsEnabled(network::features::kNetworkService)) {
+    EXPECT_EQ("None", referrer);
+  } else {
+    EXPECT_EQ(kReferrer.spec(), referrer);
+  }
+
+  // Disable referrers, and flush the NetworkContext mojo interface it's set on,
+  // to avoid any races with the URLLoaderFactory pipe.
+  GetPrefService()->SetBoolean(prefs::kEnableReferrers, false);
+  FlushNetworkInterface();
+
+  // Send a request and make sure its referer is not sent.
+  std::string referrer2;
+  std::unique_ptr<network::ResourceRequest> request2 =
+      std::make_unique<network::ResourceRequest>();
+  request2->referrer = kReferrer;
+  ASSERT_TRUE(FetchHeaderEcho("referer", &referrer2, std::move(request2)));
+  EXPECT_EQ("None", referrer2);
+}
+
+// Second part of enable referrer test. Referrer should still be disabled. Make
+// sure that disable referrers option is respected after startup, as to just
+// after changing it.
+IN_PROC_BROWSER_TEST_P(NetworkContextConfigurationBrowserTest,
+                       EnableReferrers) {
+  const GURL kReferrer("http://referrer/");
+
+  // Referrers should still be disabled.
+  EXPECT_FALSE(GetPrefService()->GetBoolean(prefs::kEnableReferrers));
+
+  // Send a request and make sure its referer is not sent.
+  std::string referrer;
+  std::unique_ptr<network::ResourceRequest> request =
+      std::make_unique<network::ResourceRequest>();
+  request->referrer = kReferrer;
+  ASSERT_TRUE(FetchHeaderEcho("referer", &referrer, std::move(request)));
+  EXPECT_EQ("None", referrer);
+}
+
 class NetworkContextConfigurationFixedPortBrowserTest
    : public NetworkContextConfigurationBrowserTest {
 public:

--- a/chrome/browser/net/profile_network_context_service.cc
+++ b/chrome/browser/net/profile_network_context_service.cc
@@ -33,14 +33,19 @@

 ProfileNetworkContextService::ProfileNetworkContextService(Profile* profile)
    : profile_(profile), proxy_config_monitor_(profile) {
+  PrefService* profile_prefs = profile->GetPrefs();
  quic_allowed_.Init(
-      prefs::kQuicAllowed, profile->GetPrefs(),
+      prefs::kQuicAllowed, profile_prefs,
      base::Bind(&ProfileNetworkContextService::DisableQuicIfNotAllowed,
                 base::Unretained(this)));
  pref_accept_language_.Init(
-      prefs::kAcceptLanguages, profile->GetPrefs(),
+      prefs::kAcceptLanguages, profile_prefs,
      base::BindRepeating(&ProfileNetworkContextService::UpdateAcceptLanguage,
                          base::Unretained(this)));
+  enable_referrers_.Init(
+      prefs::kEnableReferrers, profile_prefs,
+      base::BindRepeating(&ProfileNetworkContextService::UpdateReferrersEnabled,
+                          base::Unretained(this)));
  DisableQuicIfNotAllowed();
 }

@@ -128,6 +133,12 @@ std::string ProfileNetworkContextService::ComputeAcceptLanguage() const {
      pref_accept_language_.GetValue());
 }

+void ProfileNetworkContextService::UpdateReferrersEnabled() {
+  content::BrowserContext::GetDefaultStoragePartition(profile_)
+      ->GetNetworkContext()
+      ->SetEnableReferrers(enable_referrers_.GetValue());
+}
+
 void ProfileNetworkContextService::FlushProxyConfigMonitorForTesting() {
  proxy_config_monitor_.FlushForTesting();
 }
@@ -148,6 +159,7 @@ ProfileNetworkContextService::CreateNetworkContextParams(
  network_context_params->context_name = std::string("main");

  network_context_params->accept_language = ComputeAcceptLanguage();
+  network_context_params->enable_referrers = enable_referrers_.GetValue();

  // Always enable the HTTP cache.
  network_context_params->http_cache_enabled = true;

--- a/chrome/browser/net/profile_network_context_service.h
+++ b/chrome/browser/net/profile_network_context_service.h
@@ -75,6 +75,8 @@ class ProfileNetworkContextService : public KeyedService {
  // |pref_accept_language_|
  std::string ComputeAcceptLanguage() const;

+  void UpdateReferrersEnabled();
+
  // Creates parameters for the NetworkContext. May only be called once, since
  // it initializes some class members.
  network::mojom::NetworkContextParamsPtr CreateMainNetworkContextParams();
@@ -103,6 +105,8 @@ class ProfileNetworkContextService : public KeyedService {
  BooleanPrefMember quic_allowed_;
  StringPrefMember pref_accept_language_;

+  BooleanPrefMember enable_referrers_;
+
  DISALLOW_COPY_AND_ASSIGN(ProfileNetworkContextService);
 };


--- a/chrome/browser/net/system_network_context_manager.cc
+++ b/chrome/browser/net/system_network_context_manager.cc
@@ -341,6 +341,11 @@ SystemNetworkContextManager::SystemNetworkContextManager()
  pref_change_registrar_.Add(prefs::kAuthAndroidNegotiateAccountType,
                             auth_pref_callback);
 #endif  // defined(OS_ANDROID)
+
+  enable_referrers_.Init(
+      prefs::kEnableReferrers, g_browser_process->local_state(),
+      base::BindRepeating(&SystemNetworkContextManager::UpdateReferrersEnabled,
+                          base::Unretained(this)));
 }

 SystemNetworkContextManager::~SystemNetworkContextManager() {
@@ -394,6 +399,11 @@ void SystemNetworkContextManager::RegisterPrefs(PrefRegistrySimple* registry) {
  registry->RegisterStringPref(prefs::kAuthAndroidNegotiateAccountType,
                               std::string());
 #endif  // defined(OS_ANDROID)
+
+  // Per-NetworkContext pref. The pref value from
+  // g_browser_process->local_state() is used for the system NetworkContext, and
+  // the per-profile pref values are used for the profile NetworkContexts.
+  registry->RegisterBooleanPref(prefs::kEnableReferrers, true);
 }

 void SystemNetworkContextManager::OnNetworkServiceCreated(
@@ -476,6 +486,8 @@ SystemNetworkContextManager::CreateNetworkContextParams() {

  network_context_params->context_name = std::string("system");

+  network_context_params->enable_referrers = enable_referrers_.GetValue();
+
  network_context_params->http_cache_enabled = false;

  // These are needed for PAC scripts that use file or data URLs (Or FTP URLs?).
@@ -493,3 +505,7 @@ SystemNetworkContextManager::CreateNetworkContextParams() {

  return network_context_params;
 }
+
+void SystemNetworkContextManager::UpdateReferrersEnabled() {
+  GetContext()->SetEnableReferrers(enable_referrers_.GetValue());
+}
--- a/chrome/browser/net/system_network_context_manager.h
+++ b/chrome/browser/net/system_network_context_manager.h
@@ -13,6 +13,7 @@
 #include "base/optional.h"
 #include "chrome/browser/net/proxy_config_monitor.h"
 #include "components/prefs/pref_change_registrar.h"
+#include "components/prefs/pref_member.h"
 #include "services/network/public/mojom/network_service.mojom.h"
 #include "services/network/public/mojom/ssl_config.mojom.h"

@@ -123,6 +124,8 @@ class SystemNetworkContextManager {
 private:
  class URLLoaderFactoryForSystem;

+  void UpdateReferrersEnabled();
+
  // Creates parameters for the NetworkContext. May only be called once, since
  // it initializes some class members.
  network::mojom::NetworkContextParamsPtr CreateNetworkContextParams();
@@ -152,6 +155,8 @@ class SystemNetworkContextManager {

  PrefChangeRegistrar pref_change_registrar_;

+  BooleanPrefMember enable_referrers_;
+
  DISALLOW_COPY_AND_ASSIGN(SystemNetworkContextManager);
 };


--- a/chrome/browser/profiles/profile_io_data.cc
+++ b/chrome/browser/profiles/profile_io_data.cc
@@ -498,7 +498,6 @@ void ProfileIOData::InitializeOnUIThread(Profile* profile) {
  profile_params_ = std::move(params);

  ChromeNetworkDelegate::InitializePrefsOnUIThread(
-      &enable_referrers_,
      &force_google_safesearch_,
      &force_youtube_restrict_,
      &allowed_domains_for_apps_,
@@ -1074,11 +1073,11 @@ void ProfileIOData::Init(
      std::unique_ptr<ChromeNetworkDelegate> chrome_network_delegate(
          new ChromeNetworkDelegate(
 #if BUILDFLAG(ENABLE_EXTENSIONS)
-              io_thread_globals->extension_event_router_forwarder.get(),
+              io_thread_globals->extension_event_router_forwarder.get()));
 #else
-              NULL,
+              nullptr));
 #endif
-              &enable_referrers_));
+
 #if BUILDFLAG(ENABLE_EXTENSIONS)
      chrome_network_delegate->set_extension_info_map(
          profile_params_->extension_info_map.get());
@@ -1336,7 +1335,6 @@ void ProfileIOData::ShutdownOnUIThread(
  sync_suppress_start_.Destroy();
  sync_first_setup_complete_.Destroy();
  sync_has_auth_error_.Destroy();
-  enable_referrers_.Destroy();
  force_google_safesearch_.Destroy();
  force_youtube_restrict_.Destroy();
  allowed_domains_for_apps_.Destroy();

--- a/chrome/browser/profiles/profile_io_data.h
+++ b/chrome/browser/profiles/profile_io_data.h
@@ -561,7 +561,6 @@ class ProfileIOData {
  mutable signin::AccountConsistencyMethod account_consistency_;

  // Member variables which are pointed to by the various context objects.
-  mutable BooleanPrefMember enable_referrers_;
  mutable BooleanPrefMember force_google_safesearch_;
  mutable IntegerPrefMember force_youtube_restrict_;
  mutable BooleanPrefMember safe_browsing_enabled_;

--- a/net/url_request/url_request_context_builder.cc
+++ b/net/url_request/url_request_context_builder.cc
@@ -346,6 +346,12 @@ void URLRequestContextBuilder::set_shared_host_resolver(
  shared_host_resolver_ = shared_host_resolver;
 }

+void URLRequestContextBuilder::SetCreateLayeredNetworkDelegateCallback(
+    CreateLayeredNetworkDelegate create_layered_network_delegate_callback) {
+  create_layered_network_delegate_callback_ =
+      std::move(create_layered_network_delegate_callback);
+}
+
 void URLRequestContextBuilder::set_proxy_delegate(
    std::unique_ptr<ProxyDelegate> proxy_delegate) {
  DCHECK(!shared_proxy_delegate_);
@@ -402,6 +408,10 @@ std::unique_ptr<URLRequestContext> URLRequestContextBuilder::Build() {

  if (!network_delegate_)
    network_delegate_.reset(new BasicNetworkDelegate);
+  if (create_layered_network_delegate_callback_) {
+    network_delegate_ = std::move(create_layered_network_delegate_callback_)
+                            .Run(std::move(network_delegate_));
+  }
  storage->set_network_delegate(std::move(network_delegate_));

  if (net_log_) {

--- a/net/url_request/url_request_context_builder.h
+++ b/net/url_request/url_request_context_builder.h
@@ -80,6 +80,11 @@ struct ReportingPolicy;
 // Builder may be used to create only a single URLRequestContext.
 class NET_EXPORT URLRequestContextBuilder {
 public:
+  // Creates a LayeredDelegate that wraps |inner_network_delegate|.
+  using CreateLayeredNetworkDelegate =
+      base::OnceCallback<std::unique_ptr<NetworkDelegate>(
+          std::unique_ptr<NetworkDelegate> inner_network_delegate)>;
+
  using CreateInterceptingJobFactory =
      base::OnceCallback<std::unique_ptr<URLRequestJobFactory>(
          std::unique_ptr<URLRequestJobFactory> inner_job_factory)>;
@@ -238,6 +243,12 @@ class NET_EXPORT URLRequestContextBuilder {
    network_delegate_ = std::move(delegate);
  }

+  // Sets an optional callback that creates a NetworkDelegate wrapping either
+  // the default NetworkDelegate, or the one set by the above method.
+  // TODO(mmenke): Remove this once the network service ships.
+  void SetCreateLayeredNetworkDelegateCallback(
+      CreateLayeredNetworkDelegate create_layered_network_delegate_callback);
+
  // Sets the ProxyDelegate.
  void set_proxy_delegate(std::unique_ptr<ProxyDelegate> proxy_delegate);
  // Allows sharing the PreoxyDelegates with other URLRequestContexts. Should
@@ -390,6 +401,7 @@ class NET_EXPORT URLRequestContextBuilder {
  std::unique_ptr<ProxyResolutionService> proxy_resolution_service_;
  scoped_refptr<SSLConfigService> ssl_config_service_;
  std::unique_ptr<NetworkDelegate> network_delegate_;
+  CreateLayeredNetworkDelegate create_layered_network_delegate_callback_;
  std::unique_ptr<ProxyDelegate> proxy_delegate_;
  ProxyDelegate* shared_proxy_delegate_;
  std::unique_ptr<CookieStore> cookie_store_;

--- a/services/network/network_context.cc
+++ b/services/network/network_context.cc
@@ -31,6 +31,8 @@
 #include "components/prefs/pref_service.h"
 #include "components/prefs/pref_service_factory.h"
 #include "mojo/public/cpp/bindings/strong_binding.h"
+#include "net/base/layered_network_delegate.h"
+#include "net/base/network_delegate.h"
 #include "net/cert/cert_verifier.h"
 #include "net/cert/ct_log_verifier.h"
 #include "net/cert/multi_log_ct_verifier.h"
@@ -211,6 +213,37 @@ void OnClearedChannelIds(net::SSLConfigService* ssl_config_service,

 constexpr bool NetworkContext::enable_resource_scheduler_;

+// net::NetworkDelegate that wraps the main NetworkDelegate to remove the
+// Referrer from requests, if needed.
+// TODO(mmenke): Once the network service has shipped, this can be done in
+// URLLoader instead.
+class NetworkContext::ContextNetworkDelegate
+    : public net::LayeredNetworkDelegate {
+ public:
+  ContextNetworkDelegate(
+      std::unique_ptr<net::NetworkDelegate> nested_network_delegate,
+      bool enable_referrers)
+      : LayeredNetworkDelegate(std::move(nested_network_delegate)),
+        enable_referrers_(enable_referrers) {}
+
+  ~ContextNetworkDelegate() override {}
+
+  void OnBeforeURLRequestInternal(net::URLRequest* request,
+                                  GURL* new_url) override {
+    if (!enable_referrers_)
+      request->SetReferrer(std::string());
+  }
+
+  void set_enable_referrers(bool enable_referrers) {
+    enable_referrers_ = enable_referrers;
+  }
+
+ private:
+  bool enable_referrers_;
+
+  DISALLOW_COPY_AND_ASSIGN(ContextNetworkDelegate);
+};
+
 NetworkContext::NetworkContext(
    NetworkService* network_service,
    mojom::NetworkContextRequest request,
@@ -260,7 +293,7 @@ NetworkContext::NetworkContext(
      network_service_->GetHttpAuthHandlerFactory(),
      network_service_->sth_reporter(), &ct_tree_tracker_,
      &require_ct_delegate_, &certificate_report_sender_, &expect_ct_reporter_,
-      &user_agent_settings_);
+      &user_agent_settings_, &context_network_delegate_);
  url_request_context_ = url_request_context_owner_.url_request_context.get();

  network_service_->RegisterNetworkContext(this);
@@ -566,6 +599,13 @@ void NetworkContext::SetAcceptLanguage(const std::string& new_accept_language) {
  user_agent_settings_->set_accept_language(new_accept_language);
 }

+void NetworkContext::SetEnableReferrers(bool enable_referrers) {
+  // This may only be called on NetworkContexts created with a constructor that
+  // calls ApplyContextParamsToBuilder.
+  DCHECK(context_network_delegate_);
+  context_network_delegate_->set_enable_referrers(enable_referrers);
+}
+
 void NetworkContext::SetCTPolicy(
    const std::vector<std::string>& required_hosts,
    const std::vector<std::string>& excluded_hosts,
@@ -688,7 +728,8 @@ URLRequestContextOwner NetworkContext::ApplyContextParamsToBuilder(
        out_require_ct_delegate,
    std::unique_ptr<net::ReportSender>* out_certificate_report_sender,
    std::unique_ptr<ExpectCTReporter>* out_expect_ct_reporter,
-    net::StaticHttpUserAgentSettings** out_http_user_agent_settings) {
+    net::StaticHttpUserAgentSettings** out_http_user_agent_settings,
+    ContextNetworkDelegate** out_context_network_delegate) {
  if (net_log)
    builder->set_net_log(net_log);

@@ -830,6 +871,26 @@ URLRequestContextOwner NetworkContext::ApplyContextParamsToBuilder(
        return std::make_unique<ThrottlingNetworkTransactionFactory>(session);
      }));

+  // Can't just overwrite the NetworkDelegate because one might have already
+  // been set on the |builder| before it was passed to the NetworkContext.
+  // TODO(mmenke): Clean this up, once NetworkContext no longer needs to
+  // support taking a URLRequestContextBuilder with a pre-configured
+  // NetworkContext.
+  builder->SetCreateLayeredNetworkDelegateCallback(base::BindOnce(
+      [](mojom::NetworkContextParams* network_context_params,
+         ContextNetworkDelegate** out_context_network_delegate,
+         std::unique_ptr<net::NetworkDelegate> nested_network_delegate)
+          -> std::unique_ptr<net::NetworkDelegate> {
+        std::unique_ptr<ContextNetworkDelegate> context_network_delegate =
+            std::make_unique<ContextNetworkDelegate>(
+                std::move(nested_network_delegate),
+                network_context_params->enable_referrers);
+        if (out_context_network_delegate)
+          *out_context_network_delegate = context_network_delegate.get();
+        return context_network_delegate;
+      },
+      network_context_params, out_context_network_delegate));
+
  std::vector<scoped_refptr<const net::CTLogVerifier>> ct_logs;
  if (!network_context_params->ct_logs.empty()) {
    for (const auto& log : network_context_params->ct_logs) {
@@ -1040,7 +1101,7 @@ URLRequestContextOwner NetworkContext::MakeURLRequestContext(
                       : nullptr,
      network_service_ ? network_service_->sth_reporter() : nullptr,
      &ct_tree_tracker_, &require_ct_delegate_, &certificate_report_sender_,
-      &expect_ct_reporter_, &user_agent_settings_);
+      &expect_ct_reporter_, &user_agent_settings_, &context_network_delegate_);

  return result;
 }

--- a/services/network/network_context.h
+++ b/services/network/network_context.h
@@ -160,6 +160,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) NetworkContext
  void SetNetworkConditions(const std::string& profile_id,
                            mojom::NetworkConditionsPtr conditions) override;
  void SetAcceptLanguage(const std::string& new_accept_language) override;
+  void SetEnableReferrers(bool enable_referrers) override;
  void SetCTPolicy(
      const std::vector<std::string>& required_hosts,
      const std::vector<std::string>& excluded_hosts,
@@ -205,6 +206,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) NetworkContext
  void DestroyURLLoaderFactory(URLLoaderFactory* url_loader_factory);

 private:
+  class ContextNetworkDelegate;
  friend class URLRequestContextBuilderMojo;

  // Applies the values in |network_context_params| to |builder|, and builds
@@ -226,7 +228,8 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) NetworkContext
          out_require_ct_delegate,
      std::unique_ptr<net::ReportSender>* out_certificate_report_sender,
      std::unique_ptr<ExpectCTReporter>* out_expect_ct_reporter,
-      net::StaticHttpUserAgentSettings** out_http_user_agent_settings);
+      net::StaticHttpUserAgentSettings** out_http_user_agent_settings,
+      ContextNetworkDelegate** out_context_network_delegate_ptr);

  // Invoked when the HTTP cache was cleared. Invokes |callback|.
  void OnHttpCacheCleared(ClearHttpCacheCallback callback,
@@ -250,6 +253,9 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) NetworkContext

  net::URLRequestContext* url_request_context_;

+  // Owned by URLRequestContext.
+  ContextNetworkDelegate* context_network_delegate_ = nullptr;
+
  mojom::NetworkContextParamsPtr params_;

  // If non-null, called when the mojo pipe for the NetworkContext is closed.

--- a/services/network/public/mojom/network_context.mojom
+++ b/services/network/public/mojom/network_context.mojom
@@ -46,6 +46,9 @@ struct NetworkContextParams {
  // QUIC user agent.
  string quic_user_agent_id;

+  // If false, the referrer of requests is never populated.
+  bool enable_referrers = true;
+
  // Handles PAC script execution. If not populated, will attempt to use
  // platform implementation to execute PAC scripts, if available (Only
  // available on Windows and Mac).
@@ -376,6 +379,9 @@ interface NetworkContext {
  // Updates the Accept-Language header to be used for requests.
  SetAcceptLanguage(string new_accept_language);

+  // If false, the referrer of requests is never populated.
+  SetEnableReferrers(bool enable_referrers);
+
  // Updates the CT policy to be used for requests. Only applies if the
  // NetworkContextParams set enforce_chrome_ct_policy to true.
  // TODO(rsleevi): Remove this once Chrome-specific policies are moved out

--- a/services/network/test/test_network_context.h
+++ b/services/network/test/test_network_context.h
@@ -68,6 +68,7 @@ class TestNetworkContext : public mojom::NetworkContext {
  void SetNetworkConditions(const std::string& profile_id,
                            mojom::NetworkConditionsPtr conditions) override {}
  void SetAcceptLanguage(const std::string& new_accept_language) override {}
+  void SetEnableReferrers(bool enable_referrers) override {}
  void SetCTPolicy(
      const std::vector<std::string>& required_hosts,
      const std::vector<std::string>& excluded_hosts,

--- a/services/network/url_request_context_builder_mojo.cc
+++ b/services/network/url_request_context_builder_mojo.cc
@@ -46,7 +46,8 @@ URLRequestContextOwner URLRequestContextBuilderMojo::Create(
      nullptr /* out_require_ct_delegate */,
      nullptr /* out_certificate_report_sender */,
      nullptr /* out_expect_ct_reporter */,
-      nullptr /* out_static_user_agent_settings */);
+      nullptr /* out_static_user_agent_settings */,
+      nullptr /* out_context_network_delegate */);
 }

 std::unique_ptr<net::ProxyResolutionService>