From c72ae9d8a1a7131129a4336ff891437d9cdf349f Mon Sep 17 00:00:00 2001 From: Tim Huang Date: Mon, 9 Aug 2021 19:02:23 +0000 Subject: [PATCH] Bug 1720295 - Part 1: Report console message for disallow relaxing default referrer policy. r=ckerschb This patch adds console message for disallowing relaxing default referrer policy. The console message will only be reported if less restricted policy has been set for cross-site requests. And it will use different messages according to whether the restriction is enabled or not. Differential Revision: https://phabricator.services.mozilla.com/D121699 --- .../en-US/chrome/security/security.properties | 5 +++ dom/security/ReferrerInfo.cpp | 41 ++++++++++++++++--- 2 files changed, 41 insertions(+), 5 deletions(-) diff --git a/dom/locales/en-US/chrome/security/security.properties b/dom/locales/en-US/chrome/security/security.properties index d0044ce16d3a..c0d59d9f52f3 100644 --- a/dom/locales/en-US/chrome/security/security.properties +++ b/dom/locales/en-US/chrome/security/security.properties 
@@ -125,6 +125,11 @@ ReferrerLengthOverLimitation=HTTP Referrer header: Length is over “%1$S” byt # LOCALIZATION NOTE: "%1$S" is the limitation length (bytes) of referrer URI, "%2$S" is the origin of the referrer URI. ReferrerOriginLengthOverLimitation=HTTP Referrer header: Length of origin within referrer is over “%1$S” bytes limit - removing referrer with origin “%2$S”. +# LOCALIZATION NOTE: Do not translate "no-referrer-when-downgrade", "origin-when-cross-origin" and "unsafe-url". %S is the URI of the loading channel. +ReferrerPolicyDisallowRelaxingWarning=Referrer Policy: Less restricted policies, including ‘no-referrer-when-downgrade’, ‘origin-when-cross-origin’ and ‘unsafe-url’, will be ignored soon for the cross-site request: %S +# LOCALIZATION NOTE: %1$S is the ignored referrer policy, %2$S is the URI of the loading channel. +ReferrerPolicyDisallowRelaxingMessage=Referrer Policy: Ignoring the less restricted referrer policy “%1$S” for the cross-site request: %2$S + # X-Frame-Options # LOCALIZATION NOTE(XFrameOptionsInvalid): %1$S is the header value, %2$S is frame URI. Do not translate "X-Frame-Options". XFrameOptionsInvalid = Invalid X-Frame-Options header was found when loading “%2$S”: “%1$S” is not a valid directive. diff --git a/dom/security/ReferrerInfo.cpp b/dom/security/ReferrerInfo.cpp index 8e1a777dd69a..aa700926ddaf 100644 --- a/dom/security/ReferrerInfo.cpp +++ b/dom/security/ReferrerInfo.cpp @@ -699,10 +699,6 @@ bool ReferrerInfo::ShouldIgnoreLessRestrictedPolicies( nsIHttpChannel* aChannel, const ReferrerPolicyEnum aPolicy) const { MOZ_ASSERT(aChannel); - if (!StaticPrefs::network_http_referer_disallowCrossSiteRelaxingDefault()) { - return false; - } - // We only care about the less restricted policies. if (aPolicy != ReferrerPolicy::Unsafe_url && aPolicy != ReferrerPolicy::No_referrer_when_downgrade && 
@@ -710,6 +706,24 @@ bool ReferrerInfo::ShouldIgnoreLessRestrictedPolicies( return false; } + bool isCrossSite = IsCrossSiteRequest(aChannel); + + if (!StaticPrefs::network_http_referer_disallowCrossSiteRelaxingDefault()) { + // Log the warning message to console to inform that we will ignore + // less restricted policies for cross-site requests in the future. + if (isCrossSite) { + nsCOMPtr uri; + nsresult rv = aChannel->GetURI(getter_AddRefs(uri)); + NS_ENSURE_SUCCESS(rv, false); + + AutoTArray params = { + NS_ConvertUTF8toUTF16(uri->GetSpecOrDefault())}; + LogMessageToConsole(aChannel, "ReferrerPolicyDisallowRelaxingWarning", + params); + } + return false; + } + nsCOMPtr loadInfo = aChannel->LoadInfo(); // Check if the channel is triggered by the system or the extension. @@ -720,7 +734,24 @@ bool ReferrerInfo::ShouldIgnoreLessRestrictedPolicies( return false; } - return IsCrossSiteRequest(aChannel); + if (isCrossSite) { + // Log the console message to say that the less restricted policy was + // ignored. + nsCOMPtr uri; + nsresult rv = aChannel->GetURI(getter_AddRefs(uri)); + NS_ENSURE_SUCCESS(rv, true); + + uint32_t idx = static_cast(aPolicy); + + AutoTArray params = { + NS_ConvertUTF8toUTF16( + nsDependentCString(ReferrerPolicyValues::strings[idx].value)), + NS_ConvertUTF8toUTF16(uri->GetSpecOrDefault())}; + LogMessageToConsole(aChannel, "ReferrerPolicyDisallowRelaxingMessage", + params); + } + + return isCrossSite; } void ReferrerInfo::LogMessageToConsole(
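Review bot: The pref-off warning in the new `if (isCrossSite) { … "ReferrerPolicyDisallowRelaxingWarning" … }` block is emitted before the system/extension-triggered exemption that the function applies when the pref is on (the `// Check if the channel is triggered by the system or the extension.` context at the end of this hunk, whose `return false;` opens the next one), so it tells developers that a policy "will be ignored soon" for requests the restriction would never touch. Evaluating that exemption first, or guarding the warning with the same condition, would keep the deprecation warning accurate; a short comment on the chosen order would help either way. `IsCrossSiteRequest(aChannel)` is now also evaluated for every less-restricted-policy request regardless of the pref, which looks harmless for correctness but is worth a note that the hoist is deliberate, e.g. `// Computed up front: needed both for the pref-off warning and the final result.` ShouldIgnoreLessRestrictedPolicies starts before this hunk and its body continues into the next one.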
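Review bot: `NS_ENSURE_SUCCESS(rv, true);` in the new `if (isCrossSite)` block makes a failed `GetURI` fall closed (the relaxed policy is still ignored), which is the right default here but reads like a copy of the `false` return in the previous hunk; a comment such as `// Fail closed: if the URI cannot be read, the relaxed policy is still ignored.` would make the asymmetry intentional. The lookup `ReferrerPolicyValues::strings[idx]` is only in bounds because the early return at the top of the function limits `aPolicy` to the three less restricted values; stating that next to `uint32_t idx = static_cast<uint32_t>(aPolicy);` would guard against a future widening of that filter. The GetURI / params / LogMessageToConsole sequence now appears twice in this function, differing only in the message name and the extra policy-name parameter; a small private helper would remove the duplication. The function's signature and first lines are outside this hunk.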