You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In Main Fetch, HSTS upgrade step (4.1.10) runs after referrer determination steps. As a result of this, a request upgraded via HSTS may not have the correct referrer.
For example, a request with no-referrer-when-downgrade policy would normally drop the referrer when navigating from HTTPS to HTTP. If HSTS upgrades the HTTP URL to HTTPS, there's effectively no downgrade, so the referrer should actually not be dropped.
Ideally, the referrer determination should be made on the upgraded URL so as not to over-aggressively drop referrer information.
The text was updated successfully, but these errors were encountered:
What is the issue with the Fetch Standard?
In Main Fetch, HSTS upgrade step (4.1.10) runs after referrer determination steps. As a result of this, a request upgraded via HSTS may not have the correct referrer.
For example, a request with
no-referrer-when-downgradepolicy would normally drop the referrer when navigating from HTTPS to HTTP. If HSTS upgrades the HTTP URL to HTTPS, there's effectively no downgrade, so the referrer should actually not be dropped.Ideally, the referrer determination should be made on the upgraded URL so as not to over-aggressively drop referrer information.
The text was updated successfully, but these errors were encountered: