WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
161902
[Fetch API] Referrer and Origin header should not be considered as safe request headers
https://bugs.webkit.org/show_bug.cgi?id=161902
Summary
[Fetch API] Referrer and Origin header should not be considered as safe reque...
youenn fablet
Reported
2016-09-13 04:06:47 PDT
As stated in
https://fetch.spec.whatwg.org/#cors-safelisted-request-header
, Referrer and Origin are not safe request headers.
Attachments
Patch
(26.42 KB, patch)
2016-09-13 05:26 PDT
,
youenn fablet
no flags
Details
Formatted Diff
Diff
View All
Add attachment
proposed patch, testcase, etc.
youenn fablet
Comment 1
2016-09-13 04:07:20 PDT
As per fetch, these headers are set after preflighting.
youenn fablet
Comment 2
2016-09-13 05:26:41 PDT
Created
attachment 288688
[details]
Patch
Alex Christensen
Comment 3
2016-09-13 10:54:23 PDT
Comment on
attachment 288688
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=288688&action=review
> Source/WebCore/Modules/fetch/FetchLoader.cpp:96 > + if (referrer == "no-referrer") {
Should this be a case-insensitive comparison?
> Source/WebCore/Modules/fetch/FetchLoader.cpp:100 > + referrer = (referrer == "client") ? context.url().strippedForUseAsReferrer() : URL(context.url(), referrer).strippedForUseAsReferrer();
ditto
youenn fablet
Comment 4
2016-09-13 11:30:07 PDT
(In reply to
comment #3
)
> Comment on
attachment 288688
[details]
> Patch > > View in context: >
https://bugs.webkit.org/attachment.cgi?id=288688&action=review
> > > Source/WebCore/Modules/fetch/FetchLoader.cpp:96 > > + if (referrer == "no-referrer") { > > Should this be a case-insensitive comparison?
This is not necessary.
> > Source/WebCore/Modules/fetch/FetchLoader.cpp:100 > > + referrer = (referrer == "client") ? context.url().strippedForUseAsReferrer() : URL(context.url(), referrer).strippedForUseAsReferrer(); > > ditto
This is not necessary either. "client" is a string computed within FetchRequest when given parameter is about:client or ABOUT:client. We could add a test for different "about" casing, but this is not related to this patch. In another patch, as a small improvement, we could make fetch referrer as a structure instead of a string. That would allow to remove the need for string comparison.
WebKit Commit Bot
Comment 5
2016-09-16 00:35:53 PDT
Comment on
attachment 288688
[details]
Patch Clearing flags on attachment: 288688 Committed
r206009
: <
http://trac.webkit.org/changeset/206009
>
WebKit Commit Bot
Comment 6
2016-09-16 00:36:02 PDT
All reviewed patches have been landed. Closing bug.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug