commit 10e6cadecfcf0a58ce2a2240e88180d96ec303d9
author Matt Menke <mmenke@chromium.org> Wed Jun 20 12:54:20 2018
committer Commit Bot <commit-bot@chromium.org> Wed Jun 20 12:54:20 2018
tree 8b1d8ab2526227d8d0314814262dc545f520fb53
parent 4cc4b91548e0b7944577e0fb5a2fa683f13ac096

NetworkService: Make requests with bad referrers fail.

This moves logic for this case from ChromeNetworkDelegate to
NetworkContext's NetworkDelegate, and adds a Mojo parameter to cause
requests with bad referrers to fail (enabled by default).

Also removes the action Net.URLRequest_StartJob_InvalidReferrer rather
than moving it, as it was unowned.

Bug: 852871
Cq-Include-Trybots: luci.chromium.try:ios-simulator-full-configs;luci.chromium.try:linux_mojo;master.tryserver.chromium.mac:ios-simulator-cronet
Change-Id: I9d6d55157ba28e2b12ca7136b78330100a8673aa
Reviewed-on: https://chromium-review.googlesource.com/1103119
Reviewed-by: Gayane Petrosyan <gayane@chromium.org>
Reviewed-by: David Roger <droger@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Commit-Queue: Matt Menke <mmenke@chromium.org>
Cr-Commit-Position: refs/heads/master@{#568807}

chrome/browser/net/chrome_network_delegate.cc

diff --git a/chrome/browser/net/chrome_network_delegate.cc b/chrome/browser/net/chrome_network_delegate.cc
index 45a38097..e489529 100644
--- a/chrome/browser/net/chrome_network_delegate.cc
+++ b/chrome/browser/net/chrome_network_delegate.cc
@@ -94,24 +94,6 @@
   std::move(callback).Run(rv);
 }
 
-void ReportInvalidReferrerSendOnUI() {
-  base::RecordAction(
-      base::UserMetricsAction("Net.URLRequest_StartJob_InvalidReferrer"));
-}
-
-void ReportInvalidReferrerSend(const GURL& target_url,
-                               const GURL& referrer_url) {
-  LOG(ERROR) << "Cancelling request to " << target_url
-             << " with invalid referrer " << referrer_url;
-  // Record information to help debug http://crbug.com/422871
-  if (!target_url.SchemeIsHTTPOrHTTPS())
-    return;
-  BrowserThread::PostTask(BrowserThread::UI, FROM_HERE,
-                          base::BindOnce(&ReportInvalidReferrerSendOnUI));
-  base::debug::DumpWithoutCrashing();
-  NOTREACHED();
-}
-
 // Record network errors that HTTP requests complete with, including OK and
 // ABORTED.
 void RecordNetworkErrorHistograms(const net::URLRequest* request,
@@ -496,7 +478,9 @@
     const net::URLRequest& request,
     const GURL& target_url,
     const GURL& referrer_url) const {
-  ReportInvalidReferrerSend(target_url, referrer_url);
+  // These errors should be handled by the NetworkDelegate wrapper created by
+  // the owning NetworkContext.
+  NOTREACHED();
   return true;
 }
 

chrome/browser/net/network_context_configuration_browsertest.cc

diff --git a/chrome/browser/net/network_context_configuration_browsertest.cc b/chrome/browser/net/network_context_configuration_browsertest.cc
index 11e3d07..fb7175a 100644
--- a/chrome/browser/net/network_context_configuration_browsertest.cc
+++ b/chrome/browser/net/network_context_configuration_browsertest.cc
@@ -56,6 +56,7 @@
 #include "net/test/embedded_test_server/http_response.h"
 #include "net/test/spawned_test_server/spawned_test_server.h"
 #include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
+#include "net/url_request/url_request.h"
 #include "services/network/public/cpp/features.h"
 #include "services/network/public/cpp/resource_response.h"
 #include "services/network/public/cpp/resource_response_info.h"
@@ -945,6 +946,36 @@
   EXPECT_EQ("None", referrer);
 }
 
+// Make sure that sending referrers that violate the referrer policy results in
+// errors.
+IN_PROC_BROWSER_TEST_P(NetworkContextConfigurationBrowserTest,
+                       PolicyViolatingReferrers) {
+  std::unique_ptr<network::ResourceRequest> request =
+      std::make_unique<network::ResourceRequest>();
+  request->url = embedded_test_server()->GetURL("/echoheader?Referer");
+  request->referrer = GURL("http://referrer/");
+  request->referrer_policy = net::URLRequest::NO_REFERRER;
+  content::SimpleURLLoaderTestHelper simple_loader_helper;
+  std::unique_ptr<network::SimpleURLLoader> simple_loader =
+      network::SimpleURLLoader::Create(std::move(request),
+                                       TRAFFIC_ANNOTATION_FOR_TESTS);
+
+  simple_loader->DownloadToStringOfUnboundedSizeUntilCrashAndDie(
+      loader_factory(), simple_loader_helper.GetCallback());
+  simple_loader_helper.WaitForCallback();
+  if (GetParam().network_context_type == NetworkContextType::kSafeBrowsing &&
+      base::FeatureList::IsEnabled(network::features::kNetworkService)) {
+    // Safebrowsing ignores referrers, when the network service is enabled, so
+    // the requests succeed.
+    EXPECT_EQ(net::OK, simple_loader->NetError());
+    ASSERT_TRUE(simple_loader_helper.response_body());
+    EXPECT_EQ("None", *simple_loader_helper.response_body());
+  } else {
+    // In all other cases, the invalid referrer causes the request to fail.
+    EXPECT_EQ(net::ERR_BLOCKED_BY_CLIENT, simple_loader->NetError());
+  }
+}
+
 class NetworkContextConfigurationFixedPortBrowserTest
     : public NetworkContextConfigurationBrowserTest {
  public: