[webkit-dev] Adding <meta name="referrer"> to WebCore

Tue Mar 6 08:38:45 PST 2012

On Tue, Mar 6, 2012 at 5:31 PM, Joe Mason <jmason at rim.com> wrote:

> What happens if this extra plumbing isn't one? Is the tag just ignored?
>

The ResourceRequest objects generated by WebCore will contain the correct
header according to the referrer policy, e.g. if you click on a link, the
generated ResourceRequest will have the "right" referrer header according
to the policy.

If you generate requests outside of WebCore, the header will have whatever
value you set for it, e.g. in chromium, when you right click on a link and
select "open in new tab", this would open a new tab with the default
referrer policy which might be incorrect. To set the correct referrer
header, I added the current frame's referrer policy to the context menu
parameters that are passed over the chromium WebKit API, so the header for
the request stemming from the context menu can now be set correctly.

A port like Safari that uses WebKit to handle context menus won't have this
problem, because the request is generated from within WebCore.

Does that answer your question?

best
-jochen

> ________________________________________
> From: webkit-dev-bounces at lists.webkit.org [
> webkit-dev-bounces at lists.webkit.org] on behalf of Jochen Eisinger [
> jochen at chromium.org]
> Sent: Tuesday, March 06, 2012 10:58 AM
> To: WebKit Development
> Subject: [webkit-dev] Adding <meta name="referrer"> to WebCore
>
> Hey all,
>
> this is a belated announcement of the <meta name="referrer"> feature. It
> allows web sites to specify different policies for sending referrers,
> without resorting to ugly redirect hacks. This feature is currently a
> proposal: http://wiki.whatwg.org/wiki/Meta_referrer
>
> The implementation of the feature was tracked here:
> https://bugs.webkit.org/show_bug.cgi?id=72674
>
> I'm sorry that this mail goes out after the feature has landed. Thank you,
> Maciej, for pointing this out.
>
> The feature is also not behind a flag. If any of the ports would prefer, I
> can add such a flag.
>
> In order to make the feature work with your port, you might need to add
> some extra plumbing. Here's a list of changes that were required for
> Chromium (AFAIK it works out of the box for Safari):
>
> - the chromium out-of-process network stack would enforce the referrer
> policy on redirects, so the referrer policy needed to be plumbed there
> - context menus in chromium are also out-of-process, so the referrer
> policy needed to be plumbed there for "open in new tab" etc
> - the tab navigation history in chromium is out-of-process, as well as
> storing the navigation history on disk for session restore, so the policy
> had to be plumbed there as well
>
> The feature is covered by layout tests in
> http/tests/security/referrer-policy-*html
>
> Looking forward to your comments
>
> best
> -jochen
>
> ---------------------------------------------------------------------
> This transmission (including any attachments) may contain confidential
> information, privileged material (including material protected by the
> solicitor-client or other applicable privileges), or constitute non-public
> information. Any use of this information by anyone other than the intended
> recipient is prohibited. If you have received this transmission in error,
> please immediately reply to the sender and delete this information from
> your system. Use, dissemination, distribution, or reproduction of this
> transmission by unintended recipients is not authorized and may be unlawful.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-dev/attachments/20120306/f09a2df5/attachment.html>