Bug 97233

Summary: CSP reports should send an empty 'referrer' rather than nothing.
Product: WebKit Reporter: Mike West <mkwst>
Component: WebCore Misc.Assignee: Mike West <mkwst>
Status: RESOLVED FIXED    
Severity: Normal CC: abarth, webkit.review.bot
Priority: P2 Keywords: WebExposed
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch none

Mike West
Reported 2012-09-20 10:32:14 PDT
If no referrer exists, we don't send a 'referrer' attribute at all. It would be friendlier to send an explicitly empty referrer.
Attachments
Patch (9.95 KB, patch)
2012-09-20 10:45 PDT, Mike West 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Mike West
Comment 1 2012-09-20 10:45:51 PDT
Created attachment 164942 [details] Patch
Mike West
Comment 2 2012-09-20 10:47:15 PDT
At least one developer found this surprising. *shrug* It's a trivial change, and it's arguably a more explicit description of what's going on. WDYT, Adam?
Mike West
Comment 3 2012-09-20 10:47:44 PDT
https://twitter.com/adam_baldwin/status/248836426131701760 <-- the thread.
Adam Barth
Comment 4 2012-09-20 11:14:21 PDT
Comment on attachment 164942 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=164942&action=review > Source/WebCore/ChangeLog:11 > + Currently, if a protected resource doesn't have a referrer, then any > + Content Security Policy violations send a report that doesn't contain > + a referrer attribute. It's arguably friendlier to developers to include > + an explicitly empty attribute. Yeah, it's also what the spec says to do. :)
Mike West
Comment 5 2012-09-20 11:20:16 PDT
(In reply to comment #4) > (From update of attachment 164942 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=164942&action=review > > > Source/WebCore/ChangeLog:11 > > + Currently, if a protected resource doesn't have a referrer, then any > > + Content Security Policy violations send a report that doesn't contain > > + a referrer attribute. It's arguably friendlier to developers to include > > + an explicitly empty attribute. > > Yeah, it's also what the spec says to do. :) Specs... ha! Like anyone reads those... Thanks! :)
WebKit Review Bot
Comment 6 2012-09-20 11:52:10 PDT
Comment on attachment 164942 [details] Patch Clearing flags on attachment: 164942 Committed r129150: <http://trac.webkit.org/changeset/129150>
WebKit Review Bot
Comment 7 2012-09-20 11:52:13 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.