Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upCan't open links in duckduckgo #10309
Comments
|
Servo lacks both window.open and window.post message, so it seems logical. |
|
Pinging @nilnilnil |
|
It's because since Servo is a non-known browser, we have no way of asserting that meta referrer is appropriately implemented, so we use the iframe method to preserve user privacy instead. If Servo implements meta referrer (with the origin option), we'd be happy to add Servo to the list that would skip this block. |
|
@nilnilnil Thank you! I'll come back to you once we got that implemented. |
|
@paulrouget To answer your question, #11238 implements a per-document referrer policy that is obtained via child |
|
So I read the JS code again, and I'm not sure how referrer policy is going to help here: doesn't DDG use referrer policy through an iframe, using |
|
The goal is to support enough of the referrer policy for ddg to allow using |
|
@nilnilnil , can you comment on that:
I'd like to know if we implemented enough to add servo to the white list. |
|
What's the status here? |
|
Ping on this? |
|
This works for me with the current build. |
|
Confirmed. |
Edit: requires #10311
(flagging as P1 as ddg is the search engine used in browserhtml)
Url I use: https://duckduckgo.com/?q=example
Below some JS code from the duckduckgo page. It fails at
f.open()withf is undefined.Took me a while, but apparently, the test
((ie || ip || ir || is || im) && e.indexOf("http") != -1 && kg != "p" && (!kd || kd == 1))basically means "if a known browser, if url starts with http, if search terms in url, if want to hide referrer" (not sure aboutkdand referrer).We enter this block, and then ddg creates a hidden iframe and open the link from there.
So to make it work, we either want to be able to skip the test and go directly to
w.location = …or supportiframe.contentDocumentandwindow.openfrom within an iframe. I'm wondering if it's normal that we enter this block (Servo is not a known browser, and I don't think by default ddg is supposed to hide the search terms from the referrer url).I'm not sure, but I think ddg in Chrome doesn't use this hidden iframe thing and use
w.location.I'll need help from some ddg folks. My question: is it normal that Servo goes through the hidden iframe code path?