Bug 228324
| Summary: | Investigate removing Referrer in all HTTPS -> HTTP cases | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Sam Sneddon [:gsnedders] <gsnedders> |
| Component: | Page Loading | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | achristensen, beidson, webkit-bug-importer, wilander |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Local Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Sam Sneddon [:gsnedders]
While less useful in the short term due to SNI providing leakage of the cross-site origin anyway, once ECH has more support the only data available to a passive monitor is the IP address of the secure origin; as such, at that point, it would become a big shame to then be leaking it through the Referer header when navigating to an insecure origin.
This doesn't happen by default on ToT, given the Referrer-Policy default of strict-origin-when-cross-origin means we don't send a Referer in the HTTPS -> HTTP case anyway, but we should probably investigate making all the Referrer-Policy behave like this. (See Bug 228323, which is related insofar as it suggests overriding the policy in other ways.)
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/81210169>