[webkit-dev] Adding <meta name="referrer"> to WebCore

Joe Mason jmason at rim.com
Tue Mar 6 08:40:06 PST 2012


Yes, thank you.
________________________________________
From: eisinger at google.com [eisinger at google.com] on behalf of Jochen Eisinger [jochen at chromium.org]
Sent: Tuesday, March 06, 2012 11:38 AM
To: Joe Mason
Cc: WebKit Development
Subject: Re: [webkit-dev] Adding <meta name="referrer"> to WebCore

On Tue, Mar 6, 2012 at 5:31 PM, Joe Mason <jmason at rim.com<mailto:jmason at rim.com>> wrote:
What happens if this extra plumbing isn't one? Is the tag just ignored?

The ResourceRequest objects generated by WebCore will contain the correct header according to the referrer policy, e.g. if you click on a link, the generated ResourceRequest will have the "right" referrer header according to the policy.

If you generate requests outside of WebCore, the header will have whatever value you set for it, e.g. in chromium, when you right click on a link and select "open in new tab", this would open a new tab with the default referrer policy which might be incorrect. To set the correct referrer header, I added the current frame's referrer policy to the context menu parameters that are passed over the chromium WebKit API, so the header for the request stemming from the context menu can now be set correctly.

A port like Safari that uses WebKit to handle context menus won't have this problem, because the request is generated from within WebCore.

Does that answer your question?

best
-jochen

________________________________________
From: webkit-dev-bounces at lists.webkit.org<mailto:webkit-dev-bounces at lists.webkit.org> [webkit-dev-bounces at lists.webkit.org<mailto:webkit-dev-bounces at lists.webkit.org>] on behalf of Jochen Eisinger [jochen at chromium.org<mailto:jochen at chromium.org>]
Sent: Tuesday, March 06, 2012 10:58 AM
To: WebKit Development
Subject: [webkit-dev] Adding <meta name="referrer"> to WebCore

Hey all,

this is a belated announcement of the <meta name="referrer"> feature. It allows web sites to specify different policies for sending referrers, without resorting to ugly redirect hacks. This feature is currently a proposal: http://wiki.whatwg.org/wiki/Meta_referrer

The implementation of the feature was tracked here: https://bugs.webkit.org/show_bug.cgi?id=72674

I'm sorry that this mail goes out after the feature has landed. Thank you, Maciej, for pointing this out.

The feature is also not behind a flag. If any of the ports would prefer, I can add such a flag.

In order to make the feature work with your port, you might need to add some extra plumbing. Here's a list of changes that were required for Chromium (AFAIK it works out of the box for Safari):

- the chromium out-of-process network stack would enforce the referrer policy on redirects, so the referrer policy needed to be plumbed there
- context menus in chromium are also out-of-process, so the referrer policy needed to be plumbed there for "open in new tab" etc
- the tab navigation history in chromium is out-of-process, as well as storing the navigation history on disk for session restore, so the policy had to be plumbed there as well

The feature is covered by layout tests in http/tests/security/referrer-policy-*html

Looking forward to your comments

best
-jochen

---------------------------------------------------------------------
This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.


---------------------------------------------------------------------
This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.


More information about the webkit-dev mailing list