lpeg_patterns/http.lua: Add Referrer_Policy pattern

Closes #13
daurnimator · Jul 15, 2018 · 5a94ab2 · 5a94ab2
1 parent 0a20380
commit 5a94ab2
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 1 deletion.
diff --git a/NEWS b/NEWS
@@ -3,7 +3,7 @@ UNRELEASED
   - http: Cache-Control directives are case-normalised and grouped into pairs
   - http: Strict_Transport_Security now returns a table and doesn't match on duplicates
   - http: Public_Key_Pins capture format and validation
-  - http: New Expect_CT pattern
+  - http: New Expect_CT and Referrer_Policy patterns
 
 
 0.4 - 2016-11-23

diff --git a/README.md b/README.md
@@ -315,6 +315,11 @@ These patterns should be considered to have non stable APIs.
   - `Expect_CT` (pattern)
 
 
+#### [Referrer-Policy header](https://www.w3.org/TR/referrer-policy/#referrer-policy-header)
+
+  - `Referrer_Policy` (pattern)
+
+
 ### `phone`
 
   - `phone` (pattern): includes detailed checking for:

diff --git a/lpeg_patterns/http.lua b/lpeg_patterns/http.lua
@@ -662,4 +662,15 @@ _M.Alt_Used = uri.host * (P":" * uri.port)^-1
 local expect_ct_directive = directive
 _M.Expect_CT = no_dup(comma_sep_trim(expect_ct_directive))
 
+-- https://www.w3.org/TR/referrer-policy/#referrer-policy-header
+local policy_token = C"no-referrer"
+	+ C"no-referrer-when-downgrade"
+	+ C"strict-origin"
+	+ C"strict-origin-when-cross-origin"
+	+ C"same-origin"
+	+ C"origin"
+	+ C"origin-when-cross-origin"
+	+ C"unsafe-url"
+_M.Referrer_Policy = comma_sep_trim(policy_token, 1)
+
 return _M