228324 2021-07-27 08:03:41 -0700 Investigate removing Referrer in all HTTPS -> HTTP cases 2021-07-28 04:03:24 -0700 1 1 1 Unclassified WebKit Page Loading WebKit Local Build Unspecified Unspecified NEW InRadar P2 Normal --- 1 gsnedders webkit-unassigned achristensen beidson webkit-bug-importer wilander oldest_to_newest 1779738 0 gsnedders 2021-07-27 08:03:41 -0700 While less useful in the short term due to SNI providing leakage of the cross-site origin anyway, once ECH has more support the only data available to a passive monitor is the IP address of the secure origin; as such, at that point, it would become a big shame to then be leaking it through the Referer header when navigating to an insecure origin. This doesn't happen by default on ToT, given the Referrer-Policy default of strict-origin-when-cross-origin means we don't send a Referer in the HTTPS -> HTTP case anyway, but we should probably investigate making all the Referrer-Policy behave like this. (See Bug 228323, which is related insofar as it suggests overriding the policy in other ways.) 1780012 1 webkit-bug-importer 2021-07-28 04:03:24 -0700 <rdar://problem/81210169>