RESOLVED FIXED 97233
CSP reports should send an empty 'referrer' rather than nothing.
https://bugs.webkit.org/show_bug.cgi?id=97233
Summary CSP reports should send an empty 'referrer' rather than nothing.
Mike West
Reported 2012-09-20 10:32:14 PDT
If no referrer exists, we don't send a 'referrer' attribute at all. It would be friendlier to send an explicitly empty referrer.
Attachments
Patch (9.95 KB, patch)
2012-09-20 10:45 PDT, Mike West
no flags
Mike West
Comment 1 2012-09-20 10:45:51 PDT
Mike West
Comment 2 2012-09-20 10:47:15 PDT
At least one developer found this surprising. *shrug* It's a trivial change, and it's arguably a more explicit description of what's going on. WDYT, Adam?
Mike West
Comment 3 2012-09-20 10:47:44 PDT
Adam Barth
Comment 4 2012-09-20 11:14:21 PDT
Comment on attachment 164942 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=164942&action=review > Source/WebCore/ChangeLog:11 > + Currently, if a protected resource doesn't have a referrer, then any > + Content Security Policy violations send a report that doesn't contain > + a referrer attribute. It's arguably friendlier to developers to include > + an explicitly empty attribute. Yeah, it's also what the spec says to do. :)
Mike West
Comment 5 2012-09-20 11:20:16 PDT
(In reply to comment #4) > (From update of attachment 164942 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=164942&action=review > > > Source/WebCore/ChangeLog:11 > > + Currently, if a protected resource doesn't have a referrer, then any > > + Content Security Policy violations send a report that doesn't contain > > + a referrer attribute. It's arguably friendlier to developers to include > > + an explicitly empty attribute. > > Yeah, it's also what the spec says to do. :) Specs... ha! Like anyone reads those... Thanks! :)
WebKit Review Bot
Comment 6 2012-09-20 11:52:10 PDT
Comment on attachment 164942 [details] Patch Clearing flags on attachment: 164942 Committed r129150: <http://trac.webkit.org/changeset/129150>
WebKit Review Bot
Comment 7 2012-09-20 11:52:13 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.