|Summary:||Support origin-when-cross-origin Referrer policy|
|Product:||WebKit||Reporter:||Derk-Jan Hartman <hartman.wiki>|
|Component:||Page Loading||Assignee:||Nobody <webkit-unassigned>|
|Severity:||Normal||CC:||achristensen, ap, bburg, beidson, dbates, ddkilzer, fdn2, github.erisds, jacob.bednarz, jayvdb, jkatz, sam, steffen.weber, webkit-bug-importer, wilander|
|Version:||WebKit Nightly Build|
Description Derk-Jan Hartman 2016-02-23 08:50:26 PST
Wikipedia is now using a meta tag for the referrer with origin-when-cross-origin. This meta tag is now reporting an error on Safari 9.0 and the latest Webkit nightly [Error] Failed to set referrer policy: The value 'origin-when-cross-origin' is not one of 'no-referrer', 'origin', 'no-referrer-when-downgrade', or 'unsafe-url'. Defaulting to 'no-referrer'. (index.php, line 22) The reference for this policy is: https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-delivery-meta Reasoning as to why Wikipedia is using this policy can be found in: https://phabricator.wikimedia.org/T87276
Comment 1 Derk-Jan Hartman 2016-02-23 17:45:12 PST
<meta name="referrer" content="origin-when-cross-origin" />
Comment 2 Hannah Wolfe 2016-08-19 07:28:37 PDT
Created attachment 286452 [details] Screenshot of the error
Comment 3 Hannah Wolfe 2016-08-19 07:30:42 PDT
I've added a screenshot showing this error. Ghost also recently switched its referrer policy to origin-when-cross-origin and as a result we've run into this issue. It is quite disheartening to find this sat here, with no response in over 6 months :( Is there some other place that is tracking the missing support for modern referrer policies?
Comment 4 François-Xavier de Guillebon 2017-02-24 02:54:01 PST
This is kind of annoying for us too. We are using this meta value at Dassault Systèmes for some of our online products and Safari is showing some errors on the console as it doesn't support this 'origin-when-cross-origin' referrer meta value. I hope this can be fixed in a future version, but as previous comments got no answers I'm doubtfull.
Comment 5 Jon Katz 2017-03-06 14:02:01 PST
I hope someone can fix this soon. It has been over a year and it breaks how internal teams and external researchers interpret Wikipedia traffic on Safari browsers. Due to how little data we collect from our users to respect privacy concerns, the ratio of external to internal is often used as a weak proxy for visit depth and that metric is effectively broken.
Comment 7 Derk-Jan Hartman 2017-08-31 12:46:12 PDT
It seems as if this is available in Safari Technology Preview v38 and later.