void CachedResourceRequest::updateReferrerOriginAndUserAgentHeaders(FrameLoader& frameLoader, ReferrerPolicy defaultPolicy) { // Implementing step 7 to 9 of https://fetch.spec.whatwg.org/#http-network-or-cache-fetch String outgoingOrigin; String outgoingReferrer = m_resourceRequest.httpReferrer(); if (!outgoingReferrer.isNull()) outgoingOrigin = SecurityOrigin::createFromString(outgoingReferrer)->toString(); else { outgoingReferrer = frameLoader.outgoingReferrer(); outgoingOrigin = frameLoader.outgoingOrigin(); } // FIXME: Refactor SecurityPolicy::generateReferrerHeader to align with new terminology used in https://w3c.github.io/webappsec-referrer-policy. switch (m_options.referrerPolicy) { case FetchOptions::ReferrerPolicy::EmptyString: { outgoingReferrer = SecurityPolicy::generateReferrerHeader(defaultPolicy, m_resourceRequest.url(), outgoingReferrer); break; } case FetchOptions::ReferrerPolicy::NoReferrerWhenDowngrade: outgoingReferrer = SecurityPolicy::generateReferrerHeader(ReferrerPolicy::Default, m_resourceRequest.url(), outgoingReferrer); break; case FetchOptions::ReferrerPolicy::NoReferrer: outgoingReferrer = String(); break; case FetchOptions::ReferrerPolicy::Origin: outgoingReferrer = SecurityPolicy::generateReferrerHeader(ReferrerPolicy::Origin, m_resourceRequest.url(), outgoingReferrer); break; case FetchOptions::ReferrerPolicy::OriginWhenCrossOrigin: if (isRequestCrossOrigin(m_origin.get(), m_resourceRequest.url(), m_options)) outgoingReferrer = SecurityPolicy::generateReferrerHeader(ReferrerPolicy::Origin, m_resourceRequest.url(), outgoingReferrer); break; case FetchOptions::ReferrerPolicy::UnsafeUrl: break; }; if (outgoingReferrer.isEmpty()) m_resourceRequest.clearHTTPReferrer(); else m_resourceRequest.setHTTPReferrer(outgoingReferrer); FrameLoader::addHTTPOriginIfNeeded(m_resourceRequest, outgoingOrigin); frameLoader.applyUserAgent(m_resourceRequest); }
CachedResource::CachedResource(CachedResourceRequest&& request, Type type, SessionID sessionID) : m_resourceRequest(request.releaseResourceRequest()) , m_options(request.options()) , m_decodedDataDeletionTimer(*this, &CachedResource::destroyDecodedData, deadDecodedDataDeletionIntervalForResourceType(type)) , m_sessionID(sessionID) , m_loadPriority(defaultPriorityForResourceType(type)) , m_responseTimestamp(std::chrono::system_clock::now()) , m_fragmentIdentifierForRequest(request.releaseFragmentIdentifier()) , m_origin(request.releaseOrigin()) , m_type(type) { ASSERT(sessionID.isValid()); setLoadPriority(request.priority()); #ifndef NDEBUG cachedResourceLeakCounter.increment(); #endif // FIXME: We should have a better way of checking for Navigation loads, maybe FetchMode::Options::Navigate. ASSERT(m_origin || m_type == CachedResource::MainResource); if (isRequestCrossOrigin(m_origin.get(), m_resourceRequest.url(), m_options)) setCrossOrigin(); }