Google Git
Sign in
chromium / chromium / src.git / fbd4411a2ebfa8543aa757053cd52a9201616451^! / . / net / url_request / url_request_http_job.cc
commitfbd4411a2ebfa8543aa757053cd52a9201616451[log] [tgz]
authorMike West <[email protected]>Wed May 08 18:23:37 2019
committerCommit Bot <[email protected]>Wed May 08 18:23:37 2019
tree6f6b07ddfbb0cb3914ee2a70f0fada240c9ac900
parent9bb9a611b713e7d4e01f780a4bd69277cfc681e3 [diff] [blame]
Introduce a flag to cap `referer` length to something reasonable.

This patch measures the length of `referer` header values in the
status quo, and introduces a flag which will strip the header down
to its origin if a configurable limit is exceeded.

We'll run some experiments once we're gathering data to determine
what a reasonable limit might look like.

Bug: 959757
Change-Id: I56e10af369399e19dfc92e0245f896804b696210
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1595872
Reviewed-by: Matt Menke <[email protected]>
Reviewed-by: Robert Kaplow <[email protected]>
Commit-Queue: Mike West <[email protected]>
Cr-Commit-Position: refs/heads/master@{#657784}

diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
index 0abab13..1412493 100644
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc

@@ -17,6 +17,7 @@
 #include "base/metrics/field_trial.h"
 #include "base/metrics/histogram_functions.h"
 #include "base/metrics/histogram_macros.h"
+#include "base/numerics/safe_conversions.h"
 #include "base/rand_util.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_util.h"
@@ -25,6 +26,7 @@
 #include "base/time/time.h"
 #include "base/trace_event/trace_event.h"
 #include "base/values.h"
+#include "net/base/features.h"
 #include "net/base/host_port_pair.h"
 #include "net/base/http_user_agent_settings.h"
 #include "net/base/load_flags.h"
@@ -340,8 +342,17 @@
   // Our consumer should have made sure that this is a safe referrer. See for
   // instance WebCore::FrameLoader::HideReferrer.
   if (referrer.is_valid()) {
+    std::string referer_value = referrer.spec();
+    UMA_HISTOGRAM_COUNTS_10000("Referrer.HeaderLength", referer_value.length());
+    if (base::FeatureList::IsEnabled(features::kCapRefererHeaderLength) &&
+        base::saturated_cast<int>(referer_value.length()) >
+            features::kMaxRefererHeaderLength.Get()) {
+      // Strip the referrer down to its origin, but ensure that it's serialized
+      // as a URL (e.g. retaining a trailing `/` character).
+      referer_value = url::Origin::Create(referrer).GetURL().spec();
+    }
     request_info_.extra_headers.SetHeader(HttpRequestHeaders::kReferer,
-                                          referrer.spec());
+                                          referer_value);
   }
 
   request_info_.extra_headers.SetHeaderIfMissing(