Bug 97233 - CSP reports should send an empty 'referrer' rather than nothing.
Summary: CSP reports should send an empty 'referrer' rather than nothing.
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Mike West
URL:
Keywords: WebExposed
Depends on:
Blocks:
 
Reported: 2012-09-20 10:32 PDT by Mike West
Modified: 2012-09-20 11:52 PDT (History)
2 users (show)

See Also:


Attachments
Patch (9.95 KB, patch)
2012-09-20 10:45 PDT, Mike West
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Mike West 2012-09-20 10:32:14 PDT
If no referrer exists, we don't send a 'referrer' attribute at all. It would be friendlier to send an explicitly empty referrer.
Comment 1 Mike West 2012-09-20 10:45:51 PDT
Created attachment 164942 [details]
Patch
Comment 2 Mike West 2012-09-20 10:47:15 PDT
At least one developer found this surprising. *shrug* It's a trivial change, and it's arguably a more explicit description of what's going on.

WDYT, Adam?
Comment 3 Mike West 2012-09-20 10:47:44 PDT
https://twitter.com/adam_baldwin/status/248836426131701760 <-- the thread.
Comment 4 Adam Barth 2012-09-20 11:14:21 PDT
Comment on attachment 164942 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=164942&action=review

> Source/WebCore/ChangeLog:11
> +        Currently, if a protected resource doesn't have a referrer, then any
> +        Content Security Policy violations send a report that doesn't contain
> +        a referrer attribute. It's arguably friendlier to developers to include
> +        an explicitly empty attribute.

Yeah, it's also what the spec says to do.  :)
Comment 5 Mike West 2012-09-20 11:20:16 PDT
(In reply to comment #4)
> (From update of attachment 164942 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=164942&action=review
> 
> > Source/WebCore/ChangeLog:11
> > +        Currently, if a protected resource doesn't have a referrer, then any
> > +        Content Security Policy violations send a report that doesn't contain
> > +        a referrer attribute. It's arguably friendlier to developers to include
> > +        an explicitly empty attribute.
> 
> Yeah, it's also what the spec says to do.  :)

Specs... ha! Like anyone reads those...

Thanks! :)
Comment 6 WebKit Review Bot 2012-09-20 11:52:10 PDT
Comment on attachment 164942 [details]
Patch

Clearing flags on attachment: 164942

Committed r129150: <http://trac.webkit.org/changeset/129150>
Comment 7 WebKit Review Bot 2012-09-20 11:52:13 PDT
All reviewed patches have been landed.  Closing bug.