1 // Copyright 2020 The Chromium Authors 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef NET_URL_REQUEST_REFERRER_POLICY_H_ 6 #define NET_URL_REQUEST_REFERRER_POLICY_H_ 7 8 #include <optional> 9 #include <string_view> 10 11 #include "net/base/net_export.h" 12 13 namespace net { 14 15 // A ReferrerPolicy controls the contents of the Referer header when URLRequest 16 // following HTTP redirects. Note that setting a ReferrerPolicy on the request 17 // has no effect on the Referer header of the initial leg of the request; the 18 // caller is responsible for setting the initial Referer, and the ReferrerPolicy 19 // only controls what happens to the Referer while following redirects. 20 // 21 // NOTE: This enum is persisted to histograms. Do not change or reorder values. 22 // TODO(~M89): Once the Net.URLRequest.ReferrerPolicyForRequest metric is 23 // retired. 24 enum class ReferrerPolicy { 25 // Clear the referrer header if the header value is HTTPS but the request 26 // destination is HTTP. This is the default behavior of URLRequest. 27 CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE = 0, 28 // A slight variant on CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE: 29 // If the request destination is HTTP, an HTTPS referrer will be cleared. If 30 // the request's destination is cross-origin with the referrer (but does not 31 // downgrade), the referrer's granularity will be stripped down to an origin 32 // rather than a full URL. Same-origin requests will send the full referrer. 33 REDUCE_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN = 1, 34 // Strip the referrer down to an origin when the origin of the referrer is 35 // different from the destination's origin. 36 ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN = 2, 37 // Never change the referrer. 38 NEVER_CLEAR = 3, 39 // Strip the referrer down to the origin regardless of the redirect 40 // location. 41 ORIGIN = 4, 42 // Clear the referrer when the request's referrer is cross-origin with 43 // the request's destination. 44 CLEAR_ON_TRANSITION_CROSS_ORIGIN = 5, 45 // Strip the referrer down to the origin, but clear it entirely if the 46 // referrer value is HTTPS and the destination is HTTP. 47 ORIGIN_CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE = 6, 48 // Always clear the referrer regardless of the request destination. 49 NO_REFERRER = 7, 50 MAX = NO_REFERRER, 51 }; 52 53 // Convert the last known-valid value of a pre-concatenated "Referrer-Policy" 54 // header to the corresponding ReferrerPolicy. For example, the input "origin, 55 // strict-origin" would result in output of 56 // ReferrerPolicy::ORIGIN_CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE. If no 57 // recognized values were found then std::nullopt is returned. 58 59 // TODO(crbug.com/40217150): Consider updating 60 // blink::SecurityPolicy::ReferrerPolicyFromString() to use this. 61 NET_EXPORT std::optional<ReferrerPolicy> ReferrerPolicyFromHeader( 62 std::string_view referrer_policy_header_value); 63 64 } // namespace net 65 66 #endif // NET_URL_REQUEST_REFERRER_POLICY_H_ 67