[Webkit-unassigned] [Bug 208681] New: A request's referrer string should be used to determine if request is cross-origin

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Mar 5 17:23:23 PST 2020 

https://bugs.webkit.org/show_bug.cgi?id=208681

            Bug ID: 208681
           Summary: A request's referrer string should be used to
                    determine if request is cross-origin
           Product: WebKit
           Version: Safari 13
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: DOM
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: domfarolino at gmail.com

Currently the Referrer Policy standard, and seemingly WebKit, both compare a request's origin and request's current URL's origin, when determining if a request is cross-origin or not, for the purpose of the same-origin / origin-when-cross-origin referrer policy. We're interested in changing the standard to instead compare the request's _referrer string's_ origin with the request's current URL's origin. These are not always the same comparison. Consequently, Safari fails the proposed tests:

 - https://github.com/web-platform-tests/wpt/pull/22038

Please see https://github.com/w3c/webappsec-referrer-policy/issues/123 for more details

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200306/c1aee2d6/attachment.htm>

More information about the webkit-unassigned mailing list