| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199 |
- /*
- * Copyright (c) 2022, Linus Groh <linusg@serenityos.org>
- *
- * SPDX-License-Identifier: BSD-2-Clause
- */
- #include <AK/URL.h>
- #include <LibWeb/DOM/Document.h>
- #include <LibWeb/DOMURL/DOMURL.h>
- #include <LibWeb/Fetch/Infrastructure/HTTP/Requests.h>
- #include <LibWeb/Fetch/Infrastructure/URL.h>
- #include <LibWeb/HTML/Window.h>
- #include <LibWeb/ReferrerPolicy/AbstractOperations.h>
- #include <LibWeb/ReferrerPolicy/ReferrerPolicy.h>
- #include <LibWeb/SecureContexts/AbstractOperations.h>
- namespace Web::ReferrerPolicy {
- // https://w3c.github.io/webappsec-referrer-policy/#determine-requests-referrer
- Optional<URL> determine_requests_referrer(Fetch::Infrastructure::Request const& request)
- {
- // 1. Let policy be request’s referrer policy.
- auto const& policy = request.referrer_policy();
- // 2. Let environment be request’s client.
- auto environment = request.client();
- // 3. Switch on request’s referrer:
- auto referrer_source = request.referrer().visit(
- // "client"
- [&](Fetch::Infrastructure::Request::Referrer referrer) -> Optional<URL> {
- // Note: If request’s referrer is "no-referrer", Fetch will not call into this algorithm.
- VERIFY(referrer == Fetch::Infrastructure::Request::Referrer::Client);
- // FIXME: Add a const global_object() getter to ESO
- auto& global_object = const_cast<HTML::EnvironmentSettingsObject&>(*environment).global_object();
- // 1. If environment’s global object is a Window object, then
- if (is<HTML::Window>(global_object)) {
- // 1. Let document be the associated Document of environment’s global object.
- auto const& document = static_cast<HTML::Window const&>(global_object).associated_document();
- // 2. If document’s origin is an opaque origin, return no referrer.
- if (document.origin().is_opaque())
- return {};
- // FIXME: 3. While document is an iframe srcdoc document, let document be document’s browsing context’s
- // browsing context container’s node document.
- // 4. Let referrerSource be document’s URL.
- return document.url();
- }
- // 2. Otherwise, let referrerSource be environment’s creation URL.
- else {
- return environment->creation_url;
- }
- },
- // a URL
- [&](URL const& url) -> Optional<URL> {
- // Let referrerSource be request’s referrer.
- return url;
- });
- // NOTE: This only happens in step 1.2. of the "client" case above.
- if (!referrer_source.has_value())
- return {};
- // 4. Let request’s referrerURL be the result of stripping referrerSource for use as a referrer.
- auto referrer_url = strip_url_for_use_as_referrer(referrer_source);
- // 5. Let referrerOrigin be the result of stripping referrerSource for use as a referrer, with the origin-only flag
- // set to true.
- auto referrer_origin = strip_url_for_use_as_referrer(referrer_source, OriginOnly::Yes);
- // 6. If the result of serializing referrerURL is a string whose length is greater than 4096, set referrerURL to
- // referrerOrigin.
- if (referrer_url.has_value() && referrer_url.value().serialize().length() > 4096)
- referrer_url = referrer_origin;
- // 7. The user agent MAY alter referrerURL or referrerOrigin at this point to enforce arbitrary policy
- // considerations in the interests of minimizing data leakage. For example, the user agent could strip the URL
- // down to an origin, modify its host, replace it with an empty string, etc.
- // 8. Execute the statements corresponding to the value of policy:
- // Note: If request’s referrer policy is the empty string, Fetch will not call into this algorithm.
- VERIFY(policy != ReferrerPolicy::EmptyString);
- switch (policy) {
- // "no-referrer"
- case ReferrerPolicy::NoReferrer:
- // Return no referrer
- return {};
- // "origin"
- case ReferrerPolicy::Origin:
- // Return referrerOrigin
- return referrer_origin;
- // "unsafe-url"
- case ReferrerPolicy::UnsafeURL:
- // Return referrerURL.
- return referrer_url;
- // "strict-origin"
- case ReferrerPolicy::StrictOrigin:
- // 1. If referrerURL is a potentially trustworthy URL and request’s current URL is not a potentially
- // trustworthy URL, then return no referrer.
- if (referrer_url.has_value()
- && SecureContexts::is_url_potentially_trustworthy(*referrer_url) == SecureContexts::Trustworthiness::PotentiallyTrustworthy
- && SecureContexts::is_url_potentially_trustworthy(request.current_url()) == SecureContexts::Trustworthiness::NotTrustworthy) {
- return {};
- }
- // 2. Return referrerOrigin.
- return referrer_origin;
- // "strict-origin-when-cross-origin"
- case ReferrerPolicy::StrictOriginWhenCrossOrigin:
- // 1. If the origin of referrerURL and the origin of request’s current URL are the same, then return
- // referrerURL.
- if (referrer_url.has_value() && DOMURL::url_origin(*referrer_url).is_same_origin(DOMURL::url_origin(request.current_url())))
- return referrer_url;
- // 2. If referrerURL is a potentially trustworthy URL and request’s current URL is not a potentially
- // trustworthy URL, then return no referrer.
- if (referrer_url.has_value()
- && SecureContexts::is_url_potentially_trustworthy(*referrer_url) == SecureContexts::Trustworthiness::PotentiallyTrustworthy
- && SecureContexts::is_url_potentially_trustworthy(request.current_url()) == SecureContexts::Trustworthiness::NotTrustworthy) {
- return {};
- }
- // 3. Return referrerOrigin.
- return referrer_origin;
- // "same-origin"
- case ReferrerPolicy::SameOrigin:
- // 1. If the origin of referrerURL and the origin of request’s current URL are the same, then return
- // referrerURL.
- if (referrer_url.has_value()
- && DOMURL::url_origin(*referrer_url).is_same_origin(DOMURL::url_origin(request.current_url()))) {
- return referrer_url;
- }
- // 2. Return no referrer.
- return {};
- // "origin-when-cross-origin"
- case ReferrerPolicy::OriginWhenCrossOrigin:
- // 1. If the origin of referrerURL and the origin of request’s current URL are the same, then return
- // referrerURL.
- if (referrer_url.has_value()
- && DOMURL::url_origin(*referrer_url).is_same_origin(DOMURL::url_origin(request.current_url()))) {
- return referrer_url;
- }
- // 2. Return referrerOrigin.
- return referrer_origin;
- // "no-referrer-when-downgrade"
- case ReferrerPolicy::NoReferrerWhenDowngrade:
- // 1. If referrerURL is a potentially trustworthy URL and request’s current URL is not a potentially
- // trustworthy URL, then return no referrer.
- if (referrer_url.has_value()
- && SecureContexts::is_url_potentially_trustworthy(*referrer_url) == SecureContexts::Trustworthiness::PotentiallyTrustworthy
- && SecureContexts::is_url_potentially_trustworthy(request.current_url()) == SecureContexts::Trustworthiness::NotTrustworthy) {
- return {};
- }
- // 2. Return referrerURL.
- return referrer_url;
- default:
- VERIFY_NOT_REACHED();
- }
- }
- Optional<URL> strip_url_for_use_as_referrer(Optional<URL> url, OriginOnly origin_only)
- {
- // 1. If url is null, return no referrer.
- if (!url.has_value())
- return {};
- // 2. If url’s scheme is a local scheme, then return no referrer.
- if (Fetch::Infrastructure::LOCAL_SCHEMES.span().contains_slow(url->scheme()))
- return {};
- // 3. Set url’s username to the empty string.
- MUST(url->set_username(""sv));
- // 4. Set url’s password to the empty string.
- MUST(url->set_password(""sv));
- // 5. Set url’s fragment to null.
- url->set_fragment({});
- // 6. If the origin-only flag is true, then:
- if (origin_only == OriginOnly::Yes) {
- // 1. Set url’s path to « the empty string ».
- url->set_paths({ ""sv });
- // 2. Set url’s query to null.
- url->set_query({});
- }
- // 7. Return url.
- return url;
- }
- }
|
