FetchManager should not set "referer" HTTP header

Instead it should use ResourceRequest::SetReferrerString and ResourceRequest::SetReferrerPolicy. Bug: 863769 Change-Id: I4de47bae9aa259ace5ffb5bbdd17d6cf423931d7 Reviewed-on: https://chromium-review.googlesource.com/1203474 Commit-Queue: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Dominic Farolino <domfarolino@gmail.com> Cr-Commit-Position: refs/heads/master@{#589159}

FetchManager should not set "referer" HTTP header
Instead it should use ResourceRequest::SetReferrerString and ResourceRequest::SetReferrerPolicy. Bug: 863769 Change-Id: I4de47bae9aa259ace5ffb5bbdd17d6cf423931d7 Reviewed-on: https://chromium-review.googlesource.com/1203474 Commit-Queue: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Dominic Farolino <domfarolino@gmail.com> Cr-Commit-Position: refs/heads/master@{#589159}
bd27fde7 · Yutaka Hirano · Commit Bot · 0af66703 · bd27fde7 · bd27fde7
Commit bd27fde7 authored Sep 06, 2018 by Yutaka Hirano Committed by Commit Bot Sep 06, 2018
2 changed files
--- a/third_party/blink/renderer/core/fetch/fetch_manager.cc
+++ b/third_party/blink/renderer/core/fetch/fetch_manager.cc
@@ -858,27 +858,9 @@ void FetchManager::Loader::PerformHTTPFetch(ExceptionState& exception_state) {
  request.SetUseStreamOnResponse(true);
  request.SetExternalRequestStateFromRequestorAddressSpace(
      execution_context_->GetSecurityContext().AddressSpace());
+  request.SetReferrerString(fetch_request_data_->ReferrerString());
+  request.SetReferrerPolicy(fetch_request_data_->GetReferrerPolicy());
-  // "2. Append `Referer`/empty byte sequence, if |HTTPRequest|'s |referrer|
-  // is none, and `Referer`/|HTTPRequest|'s referrer, serialized and utf-8
-  // encoded, otherwise, to HTTPRequest's header list.
-  //
-  // The following code also invokes "determine request's referrer" which is
-  // written in "Main fetch" operation.
-  const ReferrerPolicy referrer_policy =
-      fetch_request_data_->GetReferrerPolicy() == kReferrerPolicyDefault
-          ? execution_context_->GetReferrerPolicy()
-          : fetch_request_data_->GetReferrerPolicy();
-  const String referrer_string =
-      fetch_request_data_->ReferrerString() == Referrer::ClientReferrerString()
-          ? execution_context_->OutgoingReferrer()
-          : fetch_request_data_->ReferrerString();
-  // Note that generateReferrer generates |no-referrer| from |no-referrer|
-  // referrer string (i.e. String()).
-  // TODO(domfarolino): Can we use ResourceRequest's SetReferrerString() and
-  // SetReferrerPolicy() instead of calling SetHTTPReferrer()?
-  request.SetHTTPReferrer(SecurityPolicy::GenerateReferrer(
-      referrer_policy, fetch_request_data_->Url(), referrer_string));
  request.SetSkipServiceWorker(is_isolated_world_);
  if (fetch_request_data_->Keepalive()) {

--- a/third_party/blink/renderer/core/loader/threadable_loader.cc
+++ b/third_party/blink/renderer/core/loader/threadable_loader.cc
@@ -81,12 +81,6 @@ AtomicString CreateAccessControlRequestHeadersHeader(
    const HTTPHeaderMap& headers) {
  Vector<String> filtered_headers = CORS::CORSUnsafeRequestHeaderNames(headers);
-  // FetchManager may add a "referer" header.
-  // TODO(yhirano): Remove this.
-  auto it = filtered_headers.Find("referer");
-  if (it != kNotFound)
-    filtered_headers.EraseAt(it);
  if (!filtered_headers.size())
    return g_null_atom;
@@ -170,9 +164,7 @@ ThreadableLoader::CreateAccessControlPreflightRequest(
  preflight_request->SetFetchCredentialsMode(
      network::mojom::FetchCredentialsMode::kOmit);
  preflight_request->SetSkipServiceWorker(true);
-  // TODO(domfarolino): Use ReferrerString() once https://crbug.com/850813 is
+  preflight_request->SetReferrerString(request.ReferrerString());
-  // closed and we stop storing the referrer string as a `Referer` header.
-  preflight_request->SetReferrerString(request.HttpReferrer());
  preflight_request->SetReferrerPolicy(request.GetReferrerPolicy());
  if (request.IsExternalRequest()) {