Update request's referrer policy when fetching #280
Conversation
|
With this change item 3.2 in https://w3c.github.io/webappsec-referrer-policy/#determine-requests-referrer can be rewritten as "Let policy be requests's referrer policy", I think (see also: w3c/webappsec-referrer-policy#26). |
| is the empty string and <var>request</var>'s | ||
| <span title=concept-request-client>client</span> is non-null, set <var>request</var>'s | ||
| <span title=concept-request-referrer-policy>referrer policy</span> to <var>request</var>'s | ||
| <span title=concept-request-client>client</span>'s associated referrer policy. |
There was a problem hiding this comment.
Where is "associated referrer policy" defined? Would be nice to directly reference it.
There was a problem hiding this comment.
I expected it would be added to https://www.w3.org/TR/html5/webappapis.html#settings-object by webappsec-referrer-policy authors in the future. Should I link to https://w3c.github.io/webappsec-referrer-policy/#referrer-policy?
There was a problem hiding this comment.
Yeah, I think that would be good enough for now. Bit weird that they link to W3C HTML, which is hopelessly wrong.
|
Would love a final sign-off by @estark37 or @jeisinger too just to make sure we're not missing anything. (When you look at the diff, search for "Overview.src.html" for the easier to review set of changes.) |
|
This looks good to me. |
|
Thank you both! |
This cleans up the Fetch integration in the following ways: - Integrate the handling of Referrer-Policy headers on redirects with the HTTP-redirect fetch algorithm. This (I think) removes the need for responses to have associated referrer policies, and is also more precise/clean. - Insert a TODO to define an HTML integration for the referrerpolicy content attributes. This removes the need for handwavy handling of the attribute when determining the Referer for a request. - Use the request's referrer policy when determining the Referer for a request (no need to consult the environment's policy because that is now accounted for in Fetch as of whatwg/fetch#280). Issue 26
This cleans up the Fetch integration in the following ways: - Integrate the handling of Referrer-Policy headers on redirects with the HTTP-redirect fetch algorithm. This (I think) removes the need for responses to have associated referrer policies, and is also more precise/clean. - Insert a TODO to define an HTML integration for the referrerpolicy content attributes. This removes the need for handwavy handling of the attribute when determining the Referer for a request. - Use the request's referrer policy when determining the Referer for a request (no need to consult the environment's policy because that is now accounted for in Fetch as of whatwg/fetch#280). Issue 26
This cleans up the Fetch integration in the following ways: - Integrate the handling of Referrer-Policy headers on redirects with the HTTP-redirect fetch algorithm. This (I think) removes the need for responses to have associated referrer policies, and is also more precise/clean. - Insert a TODO to define an HTML integration for the referrerpolicy content attributes. This removes the need for handwavy handling of the attribute when determining the Referer for a request. - Use the request's referrer policy when determining the Referer for a request (no need to consult the environment's policy because that is now accounted for in Fetch as of whatwg/fetch#280). Issue 26
With this change request's referrer policy is updated before calculating referrer so that the referrer policy actually used for the referrer calculation is transferred to the service worker and the default referrer policy is not transferred to the service worker.
This change fixes #266.