Bug 169846 - Safari does not send HTTP_REFERER from iframe injected into parent iframe that has no src attribute
Summary: Safari does not send HTTP_REFERER from iframe injected into parent iframe tha...
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: Page Loading (show other bugs)
Version: Safari 14
Hardware: All All
: P2 Normal
Assignee: Nobody
URL:
Keywords: BrowserCompat, InRadar
Depends on:
Blocks:
 
Reported: 2017-03-18 10:15 PDT by Adam Podolnick
Modified: 2021-04-06 10:14 PDT (History)
6 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Adam Podolnick 2017-03-18 10:15:36 PDT 
Safari / WebKit doesn't send the HTTP_REFERER header when loading an iframe that has been injected into a parent iframe that has no src attribute. This seems to be an issue unique to Safari. Chrome, Firefox, IE, Edge, Opera and Yandex all send the HTTP_REFERER header.

Steps to reproduce:
1) I set up a test case here: https://sproutvideo-examples.s3.amazonaws.com/iframe_problem.html . This page displays the request headers.

Expected Results:
The browser should send the HTTP_REFERER header with the request and the test case should display https://sproutvideo-examples.s3.amazonaws.com/iframe_problem.html as the HTTP_REFERER.

Actual Results:
The browser does not send the HTTP_REFERER header.


Platform:
All versions of Safari on all operating systems.

Other Platforms:
Every single browser (IE, Edge, Firefox, Chrome, Opera, Yandex) going back many versions and operating systems (Windows, MacOS/OSX, iOS, Android, etc) also going back several versions, behaves as expected and sends the HTTP_REFERER
Comment 1 Radar WebKit Bug Importer 2017-03-19 13:54:13 PDT 
<rdar://problem/31137534>
Comment 2 Adam Podolnick 2021-04-06 10:14:13 PDT 
Just checking in. It's been 4 years, and this still is broken in the current version of Safari. Is there any chance someone will take a look at this?