Bug 154588

Summary: Support origin-when-cross-origin Referrer policy
Product: WebKit Reporter: Derk-Jan Hartman <hartman.wiki>
Component: Page LoadingAssignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE    
Severity: Normal CC: achristensen, ap, bburg, beidson, dbates, ddkilzer, fdn2, github.erisds, jacob.bednarz, jayvdb, jkatz, sam, steffen.weber, webkit-bug-importer, wilander
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=170061
Attachments:
Description Flags
Screenshot of the error none

Derk-Jan Hartman
Reported 2016-02-23 08:50:26 PST
Wikipedia is now using a meta tag for the referrer with origin-when-cross-origin. This meta tag is now reporting an error on Safari 9.0 and the latest Webkit nightly [Error] Failed to set referrer policy: The value 'origin-when-cross-origin' is not one of 'no-referrer', 'origin', 'no-referrer-when-downgrade', or 'unsafe-url'. Defaulting to 'no-referrer'. (index.php, line 22) The reference for this policy is: https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-delivery-meta Reasoning as to why Wikipedia is using this policy can be found in: https://phabricator.wikimedia.org/T87276
Attachments
Screenshot of the error (78.79 KB, image/png)
2016-08-19 07:28 PDT, Hannah Wolfe 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Derk-Jan Hartman
Comment 1 2016-02-23 17:45:12 PST
<meta name="referrer" content="origin-when-cross-origin" />
Hannah Wolfe
Comment 2 2016-08-19 07:28:37 PDT
Created attachment 286452 [details] Screenshot of the error
Hannah Wolfe
Comment 3 2016-08-19 07:30:42 PDT
I've added a screenshot showing this error. Ghost also recently switched its referrer policy to origin-when-cross-origin and as a result we've run into this issue. It is quite disheartening to find this sat here, with no response in over 6 months :( Is there some other place that is tracking the missing support for modern referrer policies?
François-Xavier de Guillebon
Comment 4 2017-02-24 02:54:01 PST
This is kind of annoying for us too. We are using this meta value at Dassault Systèmes for some of our online products and Safari is showing some errors on the console as it doesn't support this 'origin-when-cross-origin' referrer meta value. I hope this can be fixed in a future version, but as previous comments got no answers I'm doubtfull.
Jon Katz
Comment 5 2017-03-06 14:02:01 PST
I hope someone can fix this soon. It has been over a year and it breaks how internal teams and external researchers interpret Wikipedia traffic on Safari browsers. Due to how little data we collect from our users to respect privacy concerns, the ratio of external to internal is often used as a weak proxy for visit depth and that metric is effectively broken.
Radar WebKit Bug Importer
Comment 6 2017-03-06 14:28:13 PST
<rdar://problem/30879036>
Derk-Jan Hartman
Comment 7 2017-08-31 12:46:12 PDT
It seems as if this is available in Safari Technology Preview v38 and later.
Daniel Bates
Comment 8 2017-08-31 17:17:10 PDT
*** This bug has been marked as a duplicate of bug 175069 ***
Note You need to log in before you can comment on or make changes to this bug.