Since bug 822869 the referrer trimming has relied on using prePath when
trimming resulting in non-ASCII hosts being passed through in UTF-8 (or
whatever their encoding was.)
Prior to this patch, the logic when trimming was to generate the referrer
string using prePath and possibly nsIURL.filePath, then re-derive the
nsIURI from that string.
Concerned about the cost of introducing asciiPrePath just for this consumer,
I opted to have the code just combine the scheme and asciiHostPort to
approximate the prior use of prePath. (userPass is explicitly cleared by
the code.)
Concerned about weirdness/loss of fidelity in the nsIURI, I replaced the
code that re-derived the URI from the spec string with manual clearing
of the parts of the URI/URL we were not including. This may not be the
right thing to do.
I modified the existing Gecko-specific test coverage of SetReferrerPolicy.
The existing web platform tests and referrer policy didn't seem concerned
with this case, and the bug is indeed localized to a very small segment
of Gecko code. Note that the userReferrerTrimmingPolicy=1 bug case can
only be triggered by explicit user preference setting and this is only
tested in test_referrer.js. userReferrerTrimmingPolicy=2 need not be
set by preference if REFERRER_POLICY_ORIGIN or
REFERRER_POLICY_ORIGIN_WHEN_XORIGIN (when cross origin) is used.
Failure to do this will result in the consumers of
nsIHttpChannel::GetReferrer() observing the wrong referrer. The test in this
patch shows the scenarios which would fail under such conditions.
Failure to do this will result in the consumers of
nsIHttpChannel::GetReferrer() observing the wrong referrer. The test in this
patch shows the scenarios which would fail under such conditions.
Andrew Sutherland
Franziskus Kiefer
Carsten "Tomcat" Book
Ehsan Akhgari
Wes Kocher