1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
|
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef ReferrerPolicy_h__
#define ReferrerPolicy_h__
#include "nsStringGlue.h"
#include "nsIHttpChannel.h"
#include "nsUnicharUtils.h"
namespace mozilla { namespace net {
enum ReferrerPolicy {
/* spec tokens: never no-referrer */
RP_No_Referrer = nsIHttpChannel::REFERRER_POLICY_NO_REFERRER,
/* spec tokens: origin */
RP_Origin = nsIHttpChannel::REFERRER_POLICY_ORIGIN,
/* spec tokens: default no-referrer-when-downgrade */
RP_No_Referrer_When_Downgrade = nsIHttpChannel::REFERRER_POLICY_NO_REFERRER_WHEN_DOWNGRADE,
RP_Default = nsIHttpChannel::REFERRER_POLICY_DEFAULT,
/* spec tokens: origin-when-cross-origin */
RP_Origin_When_Crossorigin = nsIHttpChannel::REFERRER_POLICY_ORIGIN_WHEN_XORIGIN,
/* spec tokens: always unsafe-url */
RP_Unsafe_URL = nsIHttpChannel::REFERRER_POLICY_UNSAFE_URL,
/* spec tokens: same-origin */
RP_Same_Origin = nsIHttpChannel::REFERRER_POLICY_SAME_ORIGIN,
/* spec tokens: strict-origin */
RP_Strict_Origin = nsIHttpChannel::REFERRER_POLICY_STRICT_ORIGIN,
/* spec tokens: strict-origin-when-cross-origin */
RP_Strict_Origin_When_Cross_Origin = nsIHttpChannel::REFERRER_POLICY_STRICT_ORIGIN_WHEN_XORIGIN,
/* spec tokens: empty string */
/* The empty string "" corresponds to no referrer policy, or unset policy */
RP_Unset = nsIHttpChannel::REFERRER_POLICY_UNSET,
};
/* spec tokens: never no-referrer */
const char kRPS_Never[] = "never";
const char kRPS_No_Referrer[] = "no-referrer";
/* spec tokens: origin */
const char kRPS_Origin[] = "origin";
/* spec tokens: default no-referrer-when-downgrade */
const char kRPS_Default[] = "default";
const char kRPS_No_Referrer_When_Downgrade[] = "no-referrer-when-downgrade";
/* spec tokens: origin-when-cross-origin */
const char kRPS_Origin_When_Cross_Origin[] = "origin-when-cross-origin";
const char kRPS_Origin_When_Crossorigin[] = "origin-when-crossorigin";
/* spec tokens: same-origin */
const char kRPS_Same_Origin[] = "same-origin";
/* spec tokens: strict-origin */
const char kRPS_Strict_Origin[] = "strict-origin";
/* spec tokens: strict-origin-when-cross-origin */
const char kRPS_Strict_Origin_When_Cross_Origin[] = "strict-origin-when-cross-origin";
/* spec tokens: always unsafe-url */
const char kRPS_Always[] = "always";
const char kRPS_Unsafe_URL[] = "unsafe-url";
inline ReferrerPolicy
ReferrerPolicyFromString(const nsAString& content)
{
if (content.IsEmpty()) {
return RP_No_Referrer;
}
nsString lowerContent(content);
ToLowerCase(lowerContent);
// This is implemented step by step as described in the Referrer Policy
// specification, section "Determine token's Policy".
if (lowerContent.EqualsLiteral(kRPS_Never) ||
lowerContent.EqualsLiteral(kRPS_No_Referrer)) {
return RP_No_Referrer;
}
if (lowerContent.EqualsLiteral(kRPS_Origin)) {
return RP_Origin;
}
if (lowerContent.EqualsLiteral(kRPS_Default) ||
lowerContent.EqualsLiteral(kRPS_No_Referrer_When_Downgrade)) {
return RP_No_Referrer_When_Downgrade;
}
if (lowerContent.EqualsLiteral(kRPS_Origin_When_Cross_Origin) ||
lowerContent.EqualsLiteral(kRPS_Origin_When_Crossorigin)) {
return RP_Origin_When_Crossorigin;
}
if (lowerContent.EqualsLiteral(kRPS_Same_Origin)) {
return RP_Same_Origin;
}
if (lowerContent.EqualsLiteral(kRPS_Strict_Origin)) {
return RP_Strict_Origin;
}
if (lowerContent.EqualsLiteral(kRPS_Strict_Origin_When_Cross_Origin)) {
return RP_Strict_Origin_When_Cross_Origin;
}
if (lowerContent.EqualsLiteral(kRPS_Always) ||
lowerContent.EqualsLiteral(kRPS_Unsafe_URL)) {
return RP_Unsafe_URL;
}
// Spec says if none of the previous match, use empty string.
return RP_Unset;
}
inline bool
IsValidReferrerPolicy(const nsAString& content)
{
if (content.IsEmpty()) {
return true;
}
nsString lowerContent(content);
ToLowerCase(lowerContent);
return lowerContent.EqualsLiteral(kRPS_Never)
|| lowerContent.EqualsLiteral(kRPS_No_Referrer)
|| lowerContent.EqualsLiteral(kRPS_Origin)
|| lowerContent.EqualsLiteral(kRPS_Default)
|| lowerContent.EqualsLiteral(kRPS_No_Referrer_When_Downgrade)
|| lowerContent.EqualsLiteral(kRPS_Origin_When_Cross_Origin)
|| lowerContent.EqualsLiteral(kRPS_Origin_When_Crossorigin)
|| lowerContent.EqualsLiteral(kRPS_Same_Origin)
|| lowerContent.EqualsLiteral(kRPS_Strict_Origin)
|| lowerContent.EqualsLiteral(kRPS_Strict_Origin_When_Cross_Origin)
|| lowerContent.EqualsLiteral(kRPS_Always)
|| lowerContent.EqualsLiteral(kRPS_Unsafe_URL);
}
inline ReferrerPolicy
AttributeReferrerPolicyFromString(const nsAString& content)
{
// Specs : https://html.spec.whatwg.org/multipage/infrastructure.html#referrer-policy-attribute
// Spec says the empty string "" corresponds to no referrer policy, or RP_Unset
if (content.IsEmpty()) {
return RP_Unset;
}
nsString lowerContent(content);
ToLowerCase(lowerContent);
if (lowerContent.EqualsLiteral(kRPS_No_Referrer)) {
return RP_No_Referrer;
}
if (lowerContent.EqualsLiteral(kRPS_Origin)) {
return RP_Origin;
}
if (lowerContent.EqualsLiteral(kRPS_No_Referrer_When_Downgrade)) {
return RP_No_Referrer_When_Downgrade;
}
if (lowerContent.EqualsLiteral(kRPS_Origin_When_Cross_Origin)) {
return RP_Origin_When_Crossorigin;
}
if (lowerContent.EqualsLiteral(kRPS_Unsafe_URL)) {
return RP_Unsafe_URL;
}
if (lowerContent.EqualsLiteral(kRPS_Strict_Origin)) {
return RP_Strict_Origin;
}
if (lowerContent.EqualsLiteral(kRPS_Same_Origin)) {
return RP_Same_Origin;
}
if (lowerContent.EqualsLiteral(kRPS_Strict_Origin_When_Cross_Origin)) {
return RP_Strict_Origin_When_Cross_Origin;
}
// Spec says invalid value default is empty string state
// So, return RP_Unset if none of the previous match, return RP_Unset
return RP_Unset;
}
} // namespace net
} // namespace mozilla
#endif
|