228323 2021-07-27 06:50:36 -0700 [ITP] Investigate making cross-site Referrer stripping stricter, using origin instead 2021-07-28 04:02:54 -0700 1 1 1 Unclassified WebKit Page Loading WebKit Local Build Unspecified Unspecified NEW InRadar P2 Normal --- 1 gsnedders webkit-unassigned achristensen beidson webkit-bug-importer wilander oldest_to_newest 1779735 0 gsnedders 2021-07-27 06:50:36 -0700 Currently on ToT, with the Referrer-Policy default now strict-origin-when-cross-origin, the ITP cross-site referrer stripping only applies when a Referrer-Policy of unsafe-url or no-referrer-when-downgrade is set. It would be worthwhile seeing if we can get away (compat wise) with making ITP stricter than the current cross-site restrictions; specifically, it would be nice to see if we could enforce this on origin boundaries as this would mean we could simply treat unsafe-url as origin-when-cross-origin and no-referrer-when-downgrade as strict-origin-when-cross-origin. To me, this is aesthetically nicer, as our behaviour can then always be explained in terms of Referrer-Policy. 1780011 1 webkit-bug-importer 2021-07-28 04:02:54 -0700 <rdar://problem/81210147>