Bug 208681 - A request's referrer string should be used to determine if request is cross-origin
Summary: A request's referrer string should be used to determine if request is cross-o...
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM (show other bugs)
Version: Safari 13
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar, WPTImpact
Depends on:
Blocks:
 
Reported: 2020-03-05 17:23 PST by Dominic Farolino
Modified: 2022-10-08 17:32 PDT (History)
5 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Dominic Farolino 2020-03-05 17:23:23 PST 
Currently the Referrer Policy standard, and seemingly WebKit, both compare a request's origin and request's current URL's origin, when determining if a request is cross-origin or not, for the purpose of the same-origin / origin-when-cross-origin referrer policy. We're interested in changing the standard to instead compare the request's _referrer string's_ origin with the request's current URL's origin. These are not always the same comparison. Consequently, Safari fails the proposed tests:

 - https://github.com/web-platform-tests/wpt/pull/22038

Please see https://github.com/w3c/webappsec-referrer-policy/issues/123 for more details
Comment 1 Radar WebKit Bug Importer 2020-03-08 17:55:00 PDT 
<rdar://problem/60207139>