[Webkit-unassigned] [Bug 188248] New: service worker fetch handler results in bad referrer
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Aug 1 20:41:53 PDT 2018
https://bugs.webkit.org/show_bug.cgi?id=188248
Bug ID: 188248
Summary: service worker fetch handler results in bad referrer
Product: WebKit
Version: Safari Technology Preview
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Service Workers
Assignee: webkit-unassigned at lists.webkit.org
Reporter: bjr.roberts at gmail.com
Installing a service worker with any kind of fetch handler (even a "pass-through" one, as in attached demo) can cause bad referrer values to be sent for fetches which shouldn't have a referrer. Example: external clicks, manual entering the address into the URL bar, etc. should not send any referrer. Instead a referrer value will be sent equal to the source of the service worker file location.
This is contrary to spec https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.36
eg "The Referer field MUST NOT be sent if the Request-URI was obtained from a source that does not have its own URI, such as input from the user keyboard."
See https://passthrough-fetch-referer.glitch.me for demo. Load in private window, refresh to see bug.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180802/e0ce590a/attachment.html>
More information about the webkit-unassigned
mailing list