Bug 154588

Summary: Support origin-when-cross-origin Referrer policy
Product: WebKit Reporter: Derk-Jan Hartman <hartman.wiki>
Component: Page LoadingAssignee: Nobody <webkit-unassigned>
Severity: Normal CC: achristensen, ap, bburg, beidson, dbates, ddkilzer, fdn2, github.erisds, jacob.bednarz, jayvdb, jkatz, sam, steffen.weber, webkit-bug-importer, wilander
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=170061
Description Flags
Screenshot of the error none

Description Derk-Jan Hartman 2016-02-23 08:50:26 PST
Wikipedia is now using a meta tag for the referrer with origin-when-cross-origin.

This meta tag is now reporting an error on Safari 9.0 and the latest Webkit nightly
[Error] Failed to set referrer policy: The value 'origin-when-cross-origin' is not one of 'no-referrer', 'origin', 'no-referrer-when-downgrade', or 'unsafe-url'. Defaulting to 'no-referrer'. (index.php, line 22)

The reference for this policy is: https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-delivery-meta
Reasoning as to why Wikipedia is using this policy can be found in: https://phabricator.wikimedia.org/T87276
Comment 1 Derk-Jan Hartman 2016-02-23 17:45:12 PST
<meta name="referrer" content="origin-when-cross-origin" />
Comment 2 Hannah Wolfe 2016-08-19 07:28:37 PDT
Created attachment 286452 [details]
Screenshot of the error
Comment 3 Hannah Wolfe 2016-08-19 07:30:42 PDT
I've added a screenshot showing this error.

Ghost also recently switched its referrer policy to origin-when-cross-origin and as a result we've run into this issue.

It is quite disheartening to find this sat here, with no response in over 6 months :(

Is there some other place that is tracking the missing support for modern referrer policies?
Comment 4 François-Xavier de Guillebon 2017-02-24 02:54:01 PST
This is kind of annoying for us too.
We are using this meta value at Dassault Systèmes for some of our online products and Safari is showing some errors on the console as it doesn't support this 'origin-when-cross-origin' referrer meta value.

I hope this can be fixed in a future version, but as previous comments got no answers I'm doubtfull.
Comment 5 Jon Katz 2017-03-06 14:02:01 PST
I hope someone can fix this soon.  It has been over a year and it breaks how internal teams and external researchers interpret Wikipedia traffic on Safari browsers. Due to how little data we collect from our users to respect privacy concerns, the ratio of external to internal is often used as a weak proxy for visit depth and that metric is effectively broken.
Comment 6 Radar WebKit Bug Importer 2017-03-06 14:28:13 PST
Comment 7 Derk-Jan Hartman 2017-08-31 12:46:12 PDT
It seems as if this is available in Safari Technology Preview v38 and later.
Comment 8 Daniel Bates 2017-08-31 17:17:10 PDT

*** This bug has been marked as a duplicate of bug 175069 ***