Bug 208681
| Summary: | A request's referrer string should be used to determine if request is cross-origin | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Dominic Farolino <domfarolino> |
| Component: | DOM | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | achristensen, ahmad.saleem792, cdumez, webkit-bug-importer, youennf |
| Priority: | P2 | Keywords: | InRadar, WPTImpact |
| Version: | Safari 13 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Dominic Farolino
Currently the Referrer Policy standard, and seemingly WebKit, both compare a request's origin and request's current URL's origin, when determining if a request is cross-origin or not, for the purpose of the same-origin / origin-when-cross-origin referrer policy. We're interested in changing the standard to instead compare the request's _referrer string's_ origin with the request's current URL's origin. These are not always the same comparison. Consequently, Safari fails the proposed tests:
- https://github.com/web-platform-tests/wpt/pull/22038
Please see https://github.com/w3c/webappsec-referrer-policy/issues/123 for more details
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/60207139>
Ahmad Saleem
Safari Technology Preview 154 still few tests:
https://wpt.fyi/results/html/semantics/scripting-1/the-script-element/module/referrer-same-origin.sub.html?label=experimental&label=master&aligned&view=subtest&q=the%20script%20element
and
https://wpt.fyi/results/html/semantics/scripting-1/the-script-element/module/referrer-origin-when-cross-origin.sub.html?label=master&label=experimental&aligned&view=subtest&q=the%20script%20element