[Webkit-unassigned] [Bug 155754] New: Safari does not send Referer Header to iframe src in certain situations

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Mar 22 10:23:53 PDT 2016 

https://bugs.webkit.org/show_bug.cgi?id=155754

            Bug ID: 155754
           Summary: Safari does not send Referer Header to iframe src in
                    certain situations
    Classification: Unclassified
           Product: WebKit
           Version: Safari 9
          Hardware: iOS
                OS: iOS 9.3
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: New Bugs
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: adam at sproutvideo.com

Overview:
Safari seems to no longer send a Referer header when loading a page through an iframe in some situations. I'm still trying to isolate the exact cause, but it seems to happen reliably when an external reference, such as a javascript file or css file, is loaded in the document head. Also, the Accept header seems to switch to */* instead of text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Steps to Reproduce:
1) I set up a test case here: https://sproutvideo-examples.s3.amazonaws.com/safari_headers_b.html. View this page in Safari on a device running iOS 9.3
2) Refresh the page if the HTTP_REFERER header is still displayed. It should disappear after a reload.


Actual Results:
HTTP_REFERER header is missing
HTTP_ACCEPT header is */*

Expected Results:
HTTP_REFERER header should be https://sproutvideo-examples.s3.amazonaws.com/safari_headers_b.html
HTTP_ACCEPT header should be text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Platform:
iOS 9.3

Other Platforms:
Works as expected on iOS 9.2 and below
Works as expected on Safari, Chrome, Opera, and Firefox on Mac OSX 10.11.3
Works as expected on Safari, Chrome, Firefox, Opera, Edge, and IE on Windows 10

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160322/6fc388bd/attachment.html>

More information about the webkit-unassigned mailing list