Bug 228291

Summary: Referrer-Policy not properly applying with iframe redirections
Product: WebKit Reporter: Sam Sneddon [:gsnedders] <gsnedders>
Component: Page LoadingAssignee: Alex Christensen <achristensen>
Status: NEW    
Severity: Normal CC: achristensen, beidson, bfulgham, cdumez, ews-watchlist, japhet, webkit-bug-importer, wilander
Priority: P2 Keywords: InRadar
Version: WebKit Local Build   
Hardware: Unspecified   
OS: Unspecified   
URL: http://wpt.live/referrer-policy/gen/top.http-rp/same-origin/iframe-tag.http.html
Attachments:
Description Flags
Patch ews-feeder: commit-queue-

Sam Sneddon [:gsnedders]
Reported 2021-07-26 12:07:08 PDT
wpt.fyi shows a variety of iframe-related failures: https://wpt.fyi/results/referrer-policy/gen?label=master&label=experimental&product=chrome&product=firefox&product=webkitgtk&aligned&q=count%3A2%28status%3Apass%29%20none%28status%3Amissing%7Cstatus%3Anotrun%29%20%21sharedworker (using WebKitGTK as it contains more recent fixes in this area than the latest STP run) Essentially, regardless of where the policy is specified, we fail to apply a policy on redirection from same (HTTP, not HTTPS) origin, and hence end up sending the Referrer when we shouldn't.
Attachments
Patch (2.29 KB, patch)
2021-07-28 17:06 PDT, Alex Christensen 		ews-feeder: commit-queue-
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Alex Christensen
Comment 1 2021-07-28 17:06:15 PDT
Created attachment 434478 [details] Patch
Alex Christensen
Comment 2 2021-07-28 17:44:49 PDT
Comment on attachment 434478 [details] Patch This also breaks several other tests. This isn't quite right.
Alex Christensen
Comment 3 2021-07-28 19:12:39 PDT
SubresourceLoader::checkRedirectionCrossOriginAccessControl is also a good place to look around
Radar WebKit Bug Importer
Comment 4 2021-08-02 12:08:28 PDT
<rdar://problem/81423168>
Note You need to log in before you can comment on or make changes to this bug.