WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
NEW
208681
A request's referrer string should be used to determine if request is cross-origin
https://bugs.webkit.org/show_bug.cgi?id=208681
Summary
A request's referrer string should be used to determine if request is cross-o...
Dominic Farolino
Reported
2020-03-05 17:23:23 PST
Currently the Referrer Policy standard, and seemingly WebKit, both compare a request's origin and request's current URL's origin, when determining if a request is cross-origin or not, for the purpose of the same-origin / origin-when-cross-origin referrer policy. We're interested in changing the standard to instead compare the request's _referrer string's_ origin with the request's current URL's origin. These are not always the same comparison. Consequently, Safari fails the proposed tests: -
https://github.com/web-platform-tests/wpt/pull/22038
Please see
https://github.com/w3c/webappsec-referrer-policy/issues/123
for more details
Attachments
Add attachment
proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1
2020-03-08 17:55:00 PDT
<
rdar://problem/60207139
>
Ahmad Saleem
Comment 2
2022-10-08 17:32:52 PDT
Safari Technology Preview 154 still few tests:
https://wpt.fyi/results/html/semantics/scripting-1/the-script-element/module/referrer-same-origin.sub.html?label=experimental&label=master&aligned&view=subtest&q=the%20script%20element
and
https://wpt.fyi/results/html/semantics/scripting-1/the-script-element/module/referrer-origin-when-cross-origin.sub.html?label=master&label=experimental&aligned&view=subtest&q=the%20script%20element
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug