WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
97233
CSP reports should send an empty 'referrer' rather than nothing.
https://bugs.webkit.org/show_bug.cgi?id=97233
Summary
CSP reports should send an empty 'referrer' rather than nothing.
Mike West
Reported
2012-09-20 10:32:14 PDT
If no referrer exists, we don't send a 'referrer' attribute at all. It would be friendlier to send an explicitly empty referrer.
Attachments
Patch
(9.95 KB, patch)
2012-09-20 10:45 PDT
,
Mike West
no flags
Details
Formatted Diff
Diff
View All
Add attachment
proposed patch, testcase, etc.
Mike West
Comment 1
2012-09-20 10:45:51 PDT
Created
attachment 164942
[details]
Patch
Mike West
Comment 2
2012-09-20 10:47:15 PDT
At least one developer found this surprising. *shrug* It's a trivial change, and it's arguably a more explicit description of what's going on. WDYT, Adam?
Mike West
Comment 3
2012-09-20 10:47:44 PDT
https://twitter.com/adam_baldwin/status/248836426131701760
<-- the thread.
Adam Barth
Comment 4
2012-09-20 11:14:21 PDT
Comment on
attachment 164942
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=164942&action=review
> Source/WebCore/ChangeLog:11 > + Currently, if a protected resource doesn't have a referrer, then any > + Content Security Policy violations send a report that doesn't contain > + a referrer attribute. It's arguably friendlier to developers to include > + an explicitly empty attribute.
Yeah, it's also what the spec says to do. :)
Mike West
Comment 5
2012-09-20 11:20:16 PDT
(In reply to
comment #4
)
> (From update of
attachment 164942
[details]
) > View in context:
https://bugs.webkit.org/attachment.cgi?id=164942&action=review
> > > Source/WebCore/ChangeLog:11 > > + Currently, if a protected resource doesn't have a referrer, then any > > + Content Security Policy violations send a report that doesn't contain > > + a referrer attribute. It's arguably friendlier to developers to include > > + an explicitly empty attribute. > > Yeah, it's also what the spec says to do. :)
Specs... ha! Like anyone reads those... Thanks! :)
WebKit Review Bot
Comment 6
2012-09-20 11:52:10 PDT
Comment on
attachment 164942
[details]
Patch Clearing flags on attachment: 164942 Committed
r129150
: <
http://trac.webkit.org/changeset/129150
>
WebKit Review Bot
Comment 7
2012-09-20 11:52:13 PDT
All reviewed patches have been landed. Closing bug.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug