We should downgrade document.referrer for all third-party iframes to match the downgrade of all HTTP referrers for third-party resources.
<rdar://problem/55786397>
Created attachment 380074 [details] Patch
Created attachment 380129 [details] Patch
Fixed the one remaining test failure (http/tests/media/media-stream/enumerate-devices-source-id.html).
Created attachment 380144 [details] Patch
Fixed style error.
Comment on attachment 380144 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=380144&action=review Looks like a good change. It seems like some code could be consolidated. > Source/WebCore/dom/Document.cpp:4858 > + return m_referrerOverride; Could this just call 'Document::downgradeReferrerToRegistrableDomain()'? Or could this code be shared with that method? > LayoutTests/http/tests/media/media-stream/enumerate-devices-source-id.html:12 > + internals.setResourceLoadStatisticsEnabled(false); Lol. So many tests need ITP off. :-)
(In reply to Brent Fulgham from comment #7) > Comment on attachment 380144 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=380144&action=review > > Looks like a good change. It seems like some code could be consolidated. Thanks! > > Source/WebCore/dom/Document.cpp:4858 > > + return m_referrerOverride; > > Could this just call 'Document::downgradeReferrerToRegistrableDomain()'? Or > could this code be shared with that method? I thought about that but removing subdomains is more aggressive so I'd like to start with just the origin. downgradeReferrerToRegistrableDomain() is for the ITP 2.3 change after certain navigations whereas this change is across the board. > > LayoutTests/http/tests/media/media-stream/enumerate-devices-source-id.html:12 > > + internals.setResourceLoadStatisticsEnabled(false); > > Lol. So many tests need ITP off. :-) Yes. 🙄 We should remember to file an issue with WHATWG and/or W3C to allow downgraded referrers by default in web platform tests.
Created attachment 380155 [details] Patch for landing
Comment on attachment 380155 [details] Patch for landing Clearing flags on attachment: 380155 Committed r250676: <https://trac.webkit.org/changeset/250676>
All reviewed patches have been landed. Closing bug.