Presently when following a redirect chain we include the redirect chain in the LoadInfo which we send to the final Content Process. This type of behavior can lead to user credential theft via leaked OAuth tokens. [This bug report](https://hackerone.com/reports/202781) is a sample of one such vulnerability (this bug report didn't involve, Spectre, the tokens were leaked to the attacker site in the Referer header; but in our case, we could expose the tokens in an otherwise-secure flow to a Spectre-attacker, because the redirect chain is in memory). Is the redirect chain needed in the Content Process? Can we merely omit it there?
Bug 1715785 Comment 0 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
Presently when following a redirect chain we include the redirect chain in the LoadInfo which we send to the final Content Process. This type of behavior can lead to user credential theft via leaked OAuth tokens. [This bug report](https://hackerone.com/reports/202781) is a sample of one such vulnerability (this bug report didn't involve Spectre, the tokens were leaked to the attacker site in the Referer header; but in our case, we could expose the tokens in an otherwise-secure flow to a Spectre-attacker, because the redirect chain is in memory). Is the redirect chain needed in the Content Process? Can we merely omit it there?
Presently when following a redirect chain we include the redirect chain in the LoadInfo which we send to the final Content Process. This type of behavior can lead to user credential theft via leaked OAuth tokens. [This bug report](https://hackerone.com/reports/202781) is a sample of one such vulnerability - this bug report didn't involve Spectre, the tokens were leaked to the attacker site in the Referer header. But considering a Spectre attacker, we could expose the tokens in an otherwise-secure flow because the redirect chain is in memory. Is the redirect chain needed in the Content Process? Can we merely omit it there?