diff --git a/lib/fetch/util.js b/lib/fetch/util.js index 4c20656fa3f..8ae26abf11b 100644 --- a/lib/fetch/util.js +++ b/lib/fetch/util.js @@ -335,7 +335,8 @@ function determineRequestsReferrer (request) { // referrerSource be requests's referrer. referrerSource = request.referrer } else { - // If referrerSource is null, then return "no-referrer". + // If referrerSource neither client nor instance of URL + // then return "no-referrer". return 'no-referrer' } @@ -359,7 +360,7 @@ function determineRequestsReferrer (request) { // source for use as referrer (using util function, with originOnly true) // 6. If result of seralizing referrerUrl is a string whose length is greater than // 4096, then set referrerURL to referrerOrigin - ? referrerOrigin = stripURLForReferrer(referrerSource, true) + ? (referrerOrigin = stripURLForReferrer(referrerSource, true)) : temp const areSameOrigin = sameOrigin(request, referrerUrl) const isNonPotentiallyTrustWorthy = isURLPotentiallyTrustworthy(referrerUrl) && @@ -368,37 +369,38 @@ function determineRequestsReferrer (request) { // NOTE: How to treat step 7? // 8. Execute the switch statements corresponding to the value of policy: switch (policy) { - case 'origin': return referrerOrigin + case 'origin': return referrerOrigin ?? stripURLForReferrer(referrerSource, true) case 'unsafe-url': return referrerUrl - case 'strict-origin': - /** - * 1. If referrerURL is a potentially trustworthy URL and - * request’s current URL is not a potentially trustworthy URL, - * then return no referrer. - * 2. Return referrerOrigin - */ - return isNonPotentiallyTrustWorthy ? 'no-referrer' : referrerOrigin - case 'strict-origin-when-cross-origin': - /** - * 1. If the origin of referrerURL and the origin of request’s current URL are the same, - * then return referrerURL. - * 2. If referrerURL is a potentially trustworthy URL and request’s current URL is not a - * potentially trustworthy URL, then return no referrer. - * 3. Return referrerOrigin - */ - if (areSameOrigin) return referrerOrigin - else return isNonPotentiallyTrustWorthy ? 'no-referrer' : referrerOrigin case 'same-origin': return areSameOrigin ? referrerOrigin : 'no-referrer' case 'origin-when-cross-origin': return areSameOrigin ? referrerUrl : referrerOrigin - case 'no-referrer-when-downgrade': + case 'strict-origin-when-cross-origin': + /** + * 1. If the origin of referrerURL and the origin of request’s current URL are the same, + * then return referrerURL. + * 2. If referrerURL is a potentially trustworthy URL and request’s current URL is not a + * potentially trustworthy URL, then return no referrer. + * 3. Return referrerOrigin + */ + if (areSameOrigin) return referrerOrigin + // else return isNonPotentiallyTrustWorthy ? 'no-referrer' : referrerOrigin + case 'strict-origin': // eslint-disable-line + /** + * 1. If referrerURL is a potentially trustworthy URL and + * request’s current URL is not a potentially trustworthy URL, + * then return no referrer. + * 2. Return referrerOrigin + */ + case 'no-referrer-when-downgrade': // eslint-disable-line /** * 1. If referrerURL is a potentially trustworthy URL and * request’s current URL is not a potentially trustworthy URL, * then return no referrer. * 2. Return referrerOrigin */ + + default: // eslint-disable-line return isNonPotentiallyTrustWorthy ? 'no-referrer' : referrerOrigin } @@ -408,12 +410,7 @@ function determineRequestsReferrer (request) { urlObject.password = '' urlObject.hash = '' - if (originOnly) { - urlObject.pathname = '' - urlObject.search = '' - } - - return urlObject.href + return originOnly ? urlObject.origin : urlObject.href } }