RESOLVED FIXED 188248
service worker fetch handler results in bad referrer
https://bugs.webkit.org/show_bug.cgi?id=188248
Ben Roberts
Reported 2018-08-01 20:41:53 PDT
Installing a service worker with any kind of fetch handler (even a "pass-through" one, as in the attached demo) can cause bad referrer values to be sent for fetches which shouldn't have a referrer. Example: external clicks, manually entering the address into the URL bar, etc. should not send any referrer. Instead, a referrer value will be sent equal to the source of the service worker file location.

This is contrary to the spec, https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.36, e.g. "The Referer field MUST NOT be sent if the Request-URI was obtained from a source that does not have its own URI, such as input from the user keyboard."

See https://passthrough-fetch-referer.glitch.me for a demo. Load in a private window, refresh to see the bug.
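An added example, not part of the report or of the WebKit patch: a pass-through handler of the kind described above, followed by a server-side check that flags page navigations whose Referer is the service worker script itself. The host `app.example.test`, the `/sw.js` path, the log record fields and the navigation heuristic are assumptions made for illustration.

```javascript
'use strict';

// A "pass-through" handler of the kind the report describes: it only forwards
// the request. Registered only when this file runs as a service worker.
function passThrough(event) {
  event.respondWith(fetch(event.request));
}
if (typeof ServiceWorkerGlobalScope !== 'undefined' &&
    self instanceof ServiceWorkerGlobalScope) {
  self.addEventListener('fetch', passThrough);
}

// Server side. Heuristic (assumption): a request is a navigation if
// Sec-Fetch-Mode says so or, when that header is absent, if it accepts HTML.
function isNavigation(rec) {
  if (rec.secFetchMode) return rec.secFetchMode === 'navigate';
  return typeof rec.accept === 'string' && rec.accept.includes('text/html');
}

function canonical(url) {
  try { return new URL(url).href; } catch (e) { return null; }
}

// Return navigations whose Referer is one of the site's worker script URLs.
// Fetches the worker itself starts may carry that referrer legitimately,
// which is why non-navigation requests are ignored.
function findWorkerReferrers(records, workerScriptUrls) {
  const workers = new Set(workerScriptUrls.map(canonical).filter(Boolean));
  return records.filter((rec) =>
    isNavigation(rec) && rec.referer && workers.has(canonical(rec.referer)));
}

// Constructed sample records (hypothetical host and paths).
const SAMPLE = [
  { url: '/', accept: 'text/html,application/xhtml+xml',
    referer: 'https://app.example.test/sw.js' },          // the reported symptom
  { url: '/', accept: 'text/html,application/xhtml+xml' }, // typed URL, no Referer
  { url: '/api/items', accept: 'application/json',
    referer: 'https://app.example.test/sw.js' },          // worker's own fetch
  { url: '/about', accept: 'text/html',
    referer: 'https://app.example.test/' },               // ordinary in-site link
];

function demo() {
  return findWorkerReferrers(SAMPLE, ['https://app.example.test/sw.js']);
}
```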
Attachments
WIP (7.00 KB, patch)
2019-01-04 14:06 PST, youenn fablet
no flags
Patch (7.40 KB, patch)
2019-01-04 15:39 PST, youenn fablet
ews-watchlist: commit-queue-
Archive of layout-test-results from ews103 for mac-sierra (2.73 MB, application/zip)
2019-01-04 16:41 PST, EWS Watchlist
no flags
Patch (12.62 KB, patch)
2019-01-04 17:15 PST, youenn fablet
no flags
Archive of layout-test-results from ews101 for mac-sierra (2.58 MB, application/zip)
2019-01-04 18:12 PST, EWS Watchlist
no flags
Archive of layout-test-results from ews106 for mac-sierra-wk2 (3.85 MB, application/zip)
2019-01-04 18:39 PST, EWS Watchlist
no flags
Archive of layout-test-results from ews202 for win-future (12.86 MB, application/zip)
2019-01-04 18:53 PST, EWS Watchlist
no flags
Patch (17.75 KB, patch)
2019-01-04 19:20 PST, youenn fablet
ews-watchlist: commit-queue-
Archive of layout-test-results from ews102 for mac-sierra (2.62 MB, application/zip)
2019-01-04 21:01 PST, EWS Watchlist
no flags
Archive of layout-test-results from ews125 for ios-simulator-wk2 (9.64 MB, application/zip)
2019-01-04 21:05 PST, EWS Watchlist
no flags
Patch (18.66 KB, patch)
2019-01-05 19:06 PST, youenn fablet
no flags
Patch (18.58 KB, patch)
2019-01-05 19:46 PST, youenn fablet
no flags
Radar WebKit Bug Importer
Comment 1 2019-01-04 10:07:28 PST
youenn fablet
Comment 2 2019-01-04 14:06:07 PST
youenn fablet
Comment 3 2019-01-04 15:39:55 PST
EWS Watchlist
Comment 4 2019-01-04 16:41:39 PST
Comment on attachment 358386
Patch
Attachment 358386 did not pass mac-ews (mac):
Output: https://webkit-queues.webkit.org/results/10634319
New failing tests:
http/tests/misc/object-embedding-svg-delayed-size-negotiation-2.htm
http/tests/security/referrer-policy-redirect-link.html
EWS Watchlist
Comment 5 2019-01-04 16:41:40 PST
Created attachment 358395
Archive of layout-test-results from ews103 for mac-sierra
The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews103
Port: mac-sierra
Platform: Mac OS X 10.12.6
youenn fablet
Comment 6 2019-01-04 17:15:42 PST
EWS Watchlist
Comment 7 2019-01-04 18:12:21 PST
Comment on attachment 358402
Patch
Attachment 358402 did not pass mac-ews (mac):
Output: https://webkit-queues.webkit.org/results/10635445
New failing tests:
http/wpt/css/css-animations/start-animation-001.html
EWS Watchlist
Comment 8 2019-01-04 18:12:23 PST
Created attachment 358410
Archive of layout-test-results from ews101 for mac-sierra
The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews101
Port: mac-sierra
Platform: Mac OS X 10.12.6
EWS Watchlist
Comment 9 2019-01-04 18:39:29 PST
Comment on attachment 358402
Patch
Attachment 358402 did not pass mac-wk2-ews (mac-wk2):
Output: https://webkit-queues.webkit.org/results/10635532
New failing tests:
http/tests/security/strip-referrer-to-origin-for-third-party-redirects-in-private-mode.html
EWS Watchlist
Comment 10 2019-01-04 18:39:31 PST
Created attachment 358416
Archive of layout-test-results from ews106 for mac-sierra-wk2
The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: ews106
Port: mac-sierra-wk2
Platform: Mac OS X 10.12.6
EWS Watchlist
Comment 11 2019-01-04 18:53:44 PST
Comment on attachment 358402
Patch
Attachment 358402 did not pass win-ews (win):
Output: https://webkit-queues.webkit.org/results/10635631
New failing tests:
js/dom/custom-constructors.html
EWS Watchlist
Comment 12 2019-01-04 18:53:55 PST
Created attachment 358419
Archive of layout-test-results from ews202 for win-future
The attached test failures were seen while running run-webkit-tests on the win-ews.
Bot: ews202
Port: win-future
Platform: CYGWIN_NT-6.1-2.10.0-0.325-5-3-x86_64-64bit
youenn fablet
Comment 13 2019-01-04 19:20:36 PST
EWS Watchlist
Comment 14 2019-01-04 21:01:01 PST
Comment on attachment 358424
Patch
Attachment 358424 did not pass mac-ews (mac):
Output: https://webkit-queues.webkit.org/results/10636841
New failing tests:
http/wpt/css/css-animations/start-animation-001.html
EWS Watchlist
Comment 15 2019-01-04 21:01:03 PST
Created attachment 358428
Archive of layout-test-results from ews102 for mac-sierra
The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews102
Port: mac-sierra
Platform: Mac OS X 10.12.6
EWS Watchlist
Comment 16 2019-01-04 21:05:06 PST
Comment on attachment 358424
Patch
Attachment 358424 did not pass ios-sim-ews (ios-simulator-wk2):
Output: https://webkit-queues.webkit.org/results/10636628
New failing tests:
http/tests/security/referrer-policy-redirect-link-downgrade.html
EWS Watchlist
Comment 17 2019-01-04 21:05:08 PST
Created attachment 358429
Archive of layout-test-results from ews125 for ios-simulator-wk2
The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews125
Port: ios-simulator-wk2
Platform: Mac OS X 10.13.6
youenn fablet
Comment 18 2019-01-05 19:05:37 PST
Mac error is unrelated.
iOS error is related (new test added not passing), but the sibling test, which is almost the same (http/tests/security/referrer-policy-redirect-link.html), is skipped on iOS-sim (git history is not clear about why it was skipped there).
youenn fablet
Comment 19 2019-01-05 19:06:58 PST
youenn fablet
Comment 20 2019-01-05 19:46:42 PST
WebKit Commit Bot
Comment 21 2019-01-08 15:06:20 PST
Comment on attachment 358454
Patch
Clearing flags on attachment: 358454
Committed r239749: <https://trac.webkit.org/changeset/239749>
WebKit Commit Bot
Comment 22 2019-01-08 15:06:22 PST
All reviewed patches have been landed. Closing bug.