Installing a service worker with any kind of fetch handler (even a "pass-through" one, as in attached demo) can cause bad referrer values to be sent for fetches which shouldn't have a referrer. Example: external clicks, manual entering the address into the URL bar, etc. should not send any referrer. Instead a referrer value will be sent equal to the source of the service worker file location. This is contrary to spec https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.36 eg "The Referer field MUST NOT be sent if the Request-URI was obtained from a source that does not have its own URI, such as input from the user keyboard." See https://passthrough-fetch-referer.glitch.me for demo. Load in private window, refresh to see bug.
<rdar://problem/47050478>
Created attachment 358364 [details] WIP
Created attachment 358386 [details] Patch
Comment on attachment 358386 [details] Patch Attachment 358386 [details] did not pass mac-ews (mac): Output: https://webkit-queues.webkit.org/results/10634319 New failing tests: http/tests/misc/object-embedding-svg-delayed-size-negotiation-2.htm http/tests/security/referrer-policy-redirect-link.html
Created attachment 358395 [details] Archive of layout-test-results from ews103 for mac-sierra The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews103 Port: mac-sierra Platform: Mac OS X 10.12.6
Created attachment 358402 [details] Patch
Comment on attachment 358402 [details] Patch Attachment 358402 [details] did not pass mac-ews (mac): Output: https://webkit-queues.webkit.org/results/10635445 New failing tests: http/wpt/css/css-animations/start-animation-001.html
Created attachment 358410 [details] Archive of layout-test-results from ews101 for mac-sierra The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews101 Port: mac-sierra Platform: Mac OS X 10.12.6
Comment on attachment 358402 [details] Patch Attachment 358402 [details] did not pass mac-wk2-ews (mac-wk2): Output: https://webkit-queues.webkit.org/results/10635532 New failing tests: http/tests/security/strip-referrer-to-origin-for-third-party-redirects-in-private-mode.html
Created attachment 358416 [details] Archive of layout-test-results from ews106 for mac-sierra-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews106 Port: mac-sierra-wk2 Platform: Mac OS X 10.12.6
Comment on attachment 358402 [details] Patch Attachment 358402 [details] did not pass win-ews (win): Output: https://webkit-queues.webkit.org/results/10635631 New failing tests: js/dom/custom-constructors.html
Created attachment 358419 [details] Archive of layout-test-results from ews202 for win-future The attached test failures were seen while running run-webkit-tests on the win-ews. Bot: ews202 Port: win-future Platform: CYGWIN_NT-6.1-2.10.0-0.325-5-3-x86_64-64bit
Created attachment 358424 [details] Patch
Comment on attachment 358424 [details] Patch Attachment 358424 [details] did not pass mac-ews (mac): Output: https://webkit-queues.webkit.org/results/10636841 New failing tests: http/wpt/css/css-animations/start-animation-001.html
Created attachment 358428 [details] Archive of layout-test-results from ews102 for mac-sierra The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews102 Port: mac-sierra Platform: Mac OS X 10.12.6
Comment on attachment 358424 [details] Patch Attachment 358424 [details] did not pass ios-sim-ews (ios-simulator-wk2): Output: https://webkit-queues.webkit.org/results/10636628 New failing tests: http/tests/security/referrer-policy-redirect-link-downgrade.html
Created attachment 358429 [details] Archive of layout-test-results from ews125 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews125 Port: ios-simulator-wk2 Platform: Mac OS X 10.13.6
Mac error is unrelated iOS error is related (new test added not passing) but the sibling test which is almost the same (http/tests/security/referrer-policy-redirect-link.html) is skipped on iOS-sim (git history is not clear about why it was skipped there.
Created attachment 358452 [details] Patch
Created attachment 358454 [details] Patch
Comment on attachment 358454 [details] Patch Clearing flags on attachment: 358454 Committed r239749: <https://trac.webkit.org/changeset/239749>
All reviewed patches have been landed. Closing bug.