Bug 154588 - Support origin-when-cross-origin Referrer policy
Summary: Support origin-when-cross-origin Referrer policy
Status: RESOLVED DUPLICATE of bug 175069
Alias: None
Product: WebKit
Classification: Unclassified
Component: Page Loading (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2016-02-23 08:50 PST by Derk-Jan Hartman
Modified: 2017-08-31 17:17 PDT (History)
15 users (show)

See Also:


Attachments
Screenshot of the error (78.79 KB, image/png)
2016-08-19 07:28 PDT, Hannah Wolfe
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Derk-Jan Hartman 2016-02-23 08:50:26 PST
Wikipedia is now using a meta tag for the referrer with origin-when-cross-origin.

This meta tag is now reporting an error on Safari 9.0 and the latest Webkit nightly
[Error] Failed to set referrer policy: The value 'origin-when-cross-origin' is not one of 'no-referrer', 'origin', 'no-referrer-when-downgrade', or 'unsafe-url'. Defaulting to 'no-referrer'. (index.php, line 22)

The reference for this policy is: https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-delivery-meta
Reasoning as to why Wikipedia is using this policy can be found in: https://phabricator.wikimedia.org/T87276
Comment 1 Derk-Jan Hartman 2016-02-23 17:45:12 PST
<meta name="referrer" content="origin-when-cross-origin" />
Comment 2 Hannah Wolfe 2016-08-19 07:28:37 PDT
Created attachment 286452 [details]
Screenshot of the error
Comment 3 Hannah Wolfe 2016-08-19 07:30:42 PDT
I've added a screenshot showing this error.

Ghost also recently switched its referrer policy to origin-when-cross-origin and as a result we've run into this issue.

It is quite disheartening to find this sat here, with no response in over 6 months :(

Is there some other place that is tracking the missing support for modern referrer policies?
Comment 4 François-Xavier de Guillebon 2017-02-24 02:54:01 PST
This is kind of annoying for us too.
We are using this meta value at Dassault Systèmes for some of our online products and Safari is showing some errors on the console as it doesn't support this 'origin-when-cross-origin' referrer meta value.

I hope this can be fixed in a future version, but as previous comments got no answers I'm doubtfull.
Comment 5 Jon Katz 2017-03-06 14:02:01 PST
I hope someone can fix this soon.  It has been over a year and it breaks how internal teams and external researchers interpret Wikipedia traffic on Safari browsers. Due to how little data we collect from our users to respect privacy concerns, the ratio of external to internal is often used as a weak proxy for visit depth and that metric is effectively broken.
Comment 6 Radar WebKit Bug Importer 2017-03-06 14:28:13 PST
<rdar://problem/30879036>
Comment 7 Derk-Jan Hartman 2017-08-31 12:46:12 PDT
It seems as if this is available in Safari Technology Preview v38 and later.
Comment 8 Daniel Bates 2017-08-31 17:17:10 PDT

*** This bug has been marked as a duplicate of bug 175069 ***