-
Notifications
You must be signed in to change notification settings - Fork 317
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 1812797 - Add referrerUrl to Request for download features #2535
Conversation
92b9d8e
to
7f3c8eb
Compare
Hey, jackyzy823! First of all, thank you so much for your contributions. Really appreciate it. I tested the patch, and it actually makes the given use case, but passing the url that might contain sensitive information into the referrer field imposes a lot of security risks. We might need a different approach here. Previous discussions resulted in some follow ups for GeckoView, seeing @jonalmeida comment I get a sense that's the direction we were going for. I also see that the geckoview bug got higher priority, so I assume there might be some work going on during this nightly. I don't see anybody assigned to it though. And a separate question is, what kind of data we would like to pass with the request in this case? I don't have a lot of context on requests, but after some research we might want use different header like |
Hi, @mavduevskiy. I think GeckoViewFetchClient has ability to handle referrer properly according to referer policy. The reason why i think so:
So , no need to worry about information leak, Gecko will take care of it. I also explain this in Matrix channel for someone asking |
7f3c8eb
to
dfccd2a
Compare
dfccd2a
to
ec963c1
Compare
I know that Firefox is a privacy browser, but it really doesn't matter a lot when downloading images, all we need to do is just strip the path and keep only the domain like the way we're currently doing in desktop. We rarely even download images using Firefox Android. But well this bug needs to be sorted out soon because users are suffering. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Awesome work 👏🏽
Thank you so much for this patch!
Pull Request checklist
After merge
To download an APK when reviewing a PR (after all CI tasks finished running):
Checks
at the top of the PR page.firefoxci-taskcluster
group on the left to expand all tasks.build-apk-{fenix,focus,klar}-debug
task you're interested in.View task in Taskcluster
in the newDETAILS
section.GitHub Automation
https://bugzilla.mozilla.org/show_bug.cgi?id=1812797