[Webkit-unassigned] [Bug 185732] New: Assets requested on behalf of another asset have the wrong Referer header

Thu May 17 09:09:13 PDT 2018

https://bugs.webkit.org/show_bug.cgi?id=185732

            Bug ID: 185732
           Summary: Assets requested on behalf of another asset have the
                    wrong Referer header
           Product: WebKit
           Version: Safari 11
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: bernardo.araujo at shopify.com
                CC: bfulgham at webkit.org, simon.fraser at apple.com,
                    zalan at apple.com

How to reproduce:

Scenario, request a page that have a CSS asset hosted by a CDN, this asset contain a few `font-face` declarations.
When requesting those fonts I would expect the `Referer` header to have the CDN domain in it, not my original webpage.

Example:

1. Page `example-a.com`
2. CDN `my-cdn.com` which hosts `myasset.css`
3. When `myasset.css` triggers a font request I would expect the `Referer` header to contain `my-cdn.com` instead of `example-a.com`

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180517/ff31fd46/attachment.html>