As stated in https://fetch.spec.whatwg.org/#cors-safelisted-request-header, Referrer and Origin are not safe request headers.
As per fetch, these headers are set after preflighting.
Created attachment 288688 [details] Patch
Comment on attachment 288688 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=288688&action=review > Source/WebCore/Modules/fetch/FetchLoader.cpp:96 > + if (referrer == "no-referrer") { Should this be a case-insensitive comparison? > Source/WebCore/Modules/fetch/FetchLoader.cpp:100 > + referrer = (referrer == "client") ? context.url().strippedForUseAsReferrer() : URL(context.url(), referrer).strippedForUseAsReferrer(); ditto
(In reply to comment #3) > Comment on attachment 288688 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=288688&action=review > > > Source/WebCore/Modules/fetch/FetchLoader.cpp:96 > > + if (referrer == "no-referrer") { > > Should this be a case-insensitive comparison? This is not necessary. > > Source/WebCore/Modules/fetch/FetchLoader.cpp:100 > > + referrer = (referrer == "client") ? context.url().strippedForUseAsReferrer() : URL(context.url(), referrer).strippedForUseAsReferrer(); > > ditto This is not necessary either. "client" is a string computed within FetchRequest when given parameter is about:client or ABOUT:client. We could add a test for different "about" casing, but this is not related to this patch. In another patch, as a small improvement, we could make fetch referrer as a structure instead of a string. That would allow to remove the need for string comparison.
Comment on attachment 288688 [details] Patch Clearing flags on attachment: 288688 Committed r206009: <http://trac.webkit.org/changeset/206009>
All reviewed patches have been landed. Closing bug.