Preserve request referrer and referrerPolicy #208

Merged 1 commit on Oct 15, 2021

@PaperStrike PaperStrike commented Oct 15, 2021

Motivation and Context

In new Request(input, init) constructor steps | Fetch Standard,

step 13 discards the original request's referrer and referrer policy when init is not empty,

If init is not empty, then:

  1. If request’s mode is "navigate", then set it to "same-origin".
  2. Unset request’s reload-navigation flag.
  3. Unset request’s history-navigation flag.
  4. Set request’s referrer to "client".
  5. Set request’s referrer policy to the empty string.

Note

This is done to ensure that when a service worker "redirects" a request, e.g., from an image in a cross-origin style sheet, and makes modifications, it no longer appears to come from the original source (i.e., the cross-origin style sheet), but instead from the service worker that "redirected" the request. This is important as the original source might not even be able to generate the same kind of requests as the service worker. Services that trust the original source could therefore be exploited were this not done, although that is somewhat farfetched.

we can reset referrer via step 14,

If init["referrer"] exists, then:

  1. Let referrer be init["referrer"].
    ... (steps to set request's referrer to a parsed referrer)

and referrer policy via step 15,

If init["referrerPolicy"] exists, then set request’s referrer policy to it.

How Has This Been Tested?

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change that fixes an issue)
  • New feature (non-breaking change that adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Refactor (no bug fix and new feature but improvements)

Checklist:

  • My change requires new tests.
  • I have added tests to cover my changes.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.

@PaperStrike PaperStrike added the bug Something isn't working label Oct 15, 2021
@PaperStrike PaperStrike merged commit 2d0b363 into main Oct 15, 2021
@PaperStrike PaperStrike deleted the preserve-req-referrer branch October 15, 2021 07:32
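
Added example (not code from this pull request or the project): a simplified plain-object model of constructor steps 13 to 15, showing how a non-empty init drops the referrer state and how passing both members back restores it. `applyInit`, `exposedReferrer`, `preservingInit` and the `app.example` URLs are hypothetical; the step 14 parsing rules follow the Fetch Standard, which the description above elides.

```javascript
// Simplified model of Fetch "new Request(input, init)" steps 13-15.
// Requests are plain objects constructed for this example; only referrer
// state is modelled, other init members (method, headers, ...) are ignored.
function applyInit(request, init, baseURL) {
  const out = { ...request };
  if (Object.keys(init).length > 0) {
    // Step 13: a non-empty init resets the inherited referrer state.
    out.referrer = 'client';
    out.referrerPolicy = '';
  }
  if (init.referrer !== undefined) {
    // Step 14, per the Fetch Standard (elided in the description above).
    if (init.referrer === '') {
      out.referrer = 'no-referrer';
    } else {
      const parsed = new URL(init.referrer, baseURL); // TypeError if unparsable
      const aboutClient = parsed.protocol === 'about:' && parsed.pathname === 'client';
      const crossOrigin = parsed.origin !== new URL(baseURL).origin;
      // A cross-origin referrer cannot be set: it falls back to "client".
      out.referrer = aboutClient || crossOrigin ? 'client' : parsed.href;
    }
  }
  // Step 15: an explicit policy replaces the reset value.
  if (init.referrerPolicy !== undefined) out.referrerPolicy = init.referrerPolicy;
  return out;
}

// What the Request.referrer getter exposes for each internal value.
function exposedReferrer(request) {
  if (request.referrer === 'no-referrer') return '';
  if (request.referrer === 'client') return 'about:client';
  return request.referrer;
}

// Hypothetical helper: an init that carries the original referrer state forward.
function preservingInit(request, overrides = {}) {
  return {
    referrer: exposedReferrer(request),
    referrerPolicy: request.referrerPolicy,
    ...overrides,
  };
}

const BASE = 'https://app.example/'; // constructed sample origin
const original = { url: BASE + 'api', referrer: BASE + 'list', referrerPolicy: 'same-origin' };
const lost = applyInit(original, { method: 'POST' }, BASE);
const kept = applyInit(original, preservingInit(original, { method: 'POST' }), BASE);
console.log('without preserving:', lost.referrer, JSON.stringify(lost.referrerPolicy));
console.log('with preserving:   ', kept.referrer, kept.referrerPolicy);
```

Because the getter values `""` and `"about:client"` map back to "no-referrer" and "client" in step 14, the same helper round-trips those two states as well.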