From ab6b687d4cf4dcd35b86510e82d6eabd9dbda371 Mon Sep 17 00:00:00 2001 From: Jamie Mansfield Date: Wed, 5 Jun 2024 20:15:56 +0100 Subject: [PATCH] =?UTF-8?q?LibWeb:=20Implement=20"Set=20request=E2=80=99s?= =?UTF-8?q?=20referrer=20policy=20on=20redirect"=20AO?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../LibWeb/Fetch/Fetching/Fetching.cpp | 3 +- .../ReferrerPolicy/AbstractOperations.cpp | 34 +++++++++++++++++++ .../ReferrerPolicy/AbstractOperations.h | 4 +++ 3 files changed, 40 insertions(+), 1 deletion(-) diff --git a/Userland/Libraries/LibWeb/Fetch/Fetching/Fetching.cpp b/Userland/Libraries/LibWeb/Fetch/Fetching/Fetching.cpp index b98391263c0..f85c0d86f1f 100644 --- a/Userland/Libraries/LibWeb/Fetch/Fetching/Fetching.cpp +++ b/Userland/Libraries/LibWeb/Fetch/Fetching/Fetching.cpp @@ -1236,7 +1236,8 @@ WebIDL::ExceptionOr> http_redirect_fetch(JS::Realm& r // 18. Append locationURL to request’s URL list. request->url_list().append(location_url); - // FIXME: 19. Invoke set request’s referrer policy on redirect on request and internalResponse. + // 19. Invoke set request’s referrer policy on redirect on request and internalResponse. + ReferrerPolicy::set_request_referrer_policy_on_redirect(request, internal_response); // 20. Let recursive be true. auto recursive = Recursive::Yes; diff --git a/Userland/Libraries/LibWeb/ReferrerPolicy/AbstractOperations.cpp b/Userland/Libraries/LibWeb/ReferrerPolicy/AbstractOperations.cpp index e125d675b97..2dbb14ff9bc 100644 --- a/Userland/Libraries/LibWeb/ReferrerPolicy/AbstractOperations.cpp +++ b/Userland/Libraries/LibWeb/ReferrerPolicy/AbstractOperations.cpp @@ -1,5 +1,6 @@ /* * Copyright (c) 2022, Linus Groh + * Copyright (c) 2024, Jamie Mansfield * * SPDX-License-Identifier: BSD-2-Clause */ @@ -16,6 +17,39 @@ namespace Web::ReferrerPolicy { +// https://w3c.github.io/webappsec-referrer-policy/#parse-referrer-policy-from-header +ReferrerPolicy parse_a_referrer_policy_from_a_referrer_policy_header(Fetch::Infrastructure::Response const& response) +{ + // 1. Let policy-tokens be the result of extracting header list values given `Referrer-Policy` and response’s header list. + auto policy_tokens_or_failure = Fetch::Infrastructure::extract_header_list_values("Referrer-Policy"sv.bytes(), response.header_list()); + auto policy_tokens = policy_tokens_or_failure.has>() ? policy_tokens_or_failure.get>() : Vector {}; + + // 2. Let policy be the empty string. + auto policy = ReferrerPolicy::EmptyString; + + // 3. For each token in policy-tokens, if token is a referrer policy and token is not the empty string, then set policy to token. + for (auto token : policy_tokens) { + auto referrer_policy = from_string(token); + if (referrer_policy.has_value() && referrer_policy.release_value() != ReferrerPolicy::EmptyString) + policy = referrer_policy.release_value(); + } + + // 4. Return policy. + return policy; +} + +// https://w3c.github.io/webappsec-referrer-policy/#set-requests-referrer-policy-on-redirect +void set_request_referrer_policy_on_redirect(Fetch::Infrastructure::Request& request, Fetch::Infrastructure::Response const& response) +{ + // 1. Let policy be the result of executing § 8.1 Parse a referrer policy from a Referrer-Policy header on + // actualResponse. + auto policy = parse_a_referrer_policy_from_a_referrer_policy_header(response); + + // 2. If policy is not the empty string, then set request’s referrer policy to policy. + if (policy != ReferrerPolicy::EmptyString) + request.set_referrer_policy(policy); +} + // https://w3c.github.io/webappsec-referrer-policy/#determine-requests-referrer Optional determine_requests_referrer(Fetch::Infrastructure::Request const& request) { diff --git a/Userland/Libraries/LibWeb/ReferrerPolicy/AbstractOperations.h b/Userland/Libraries/LibWeb/ReferrerPolicy/AbstractOperations.h index bc077f90768..b6de25a6bdc 100644 --- a/Userland/Libraries/LibWeb/ReferrerPolicy/AbstractOperations.h +++ b/Userland/Libraries/LibWeb/ReferrerPolicy/AbstractOperations.h @@ -1,5 +1,6 @@ /* * Copyright (c) 2022, Linus Groh + * Copyright (c) 2024, Jamie Mansfield * * SPDX-License-Identifier: BSD-2-Clause */ @@ -8,6 +9,7 @@ #include #include +#include namespace Web::ReferrerPolicy { @@ -16,6 +18,8 @@ enum class OriginOnly { No, }; +ReferrerPolicy parse_a_referrer_policy_from_a_referrer_policy_header(Fetch::Infrastructure::Response const&); +void set_request_referrer_policy_on_redirect(Fetch::Infrastructure::Request&, Fetch::Infrastructure::Response const&); Optional determine_requests_referrer(Fetch::Infrastructure::Request const&); Optional strip_url_for_use_as_referrer(Optional, OriginOnly origin_only = OriginOnly::No);