Closed
Bug 1340654
Opened 7 years ago
Closed 7 years ago
service workers should set referrer policy based on script headers
Categories
(Core :: DOM: Service Workers, defect)
Core
DOM: Service Workers
Tracking
()
RESOLVED
FIXED
mozilla54
| Tracking | Status | |
|---|---|---|
| firefox54 | --- | fixed |
People
(Reporter: bkelly, Assigned: bkelly)
References
(Blocks 1 open bug)
Details
Attachments
(3 files, 6 obsolete files)
|
6.67 KB,
patch
|
baku
:
review+
|
Details | Diff | Splinter Review |
|
7.18 KB,
patch
|
baku
:
review+
|
Details | Diff | Splinter Review |
|
13.57 KB,
patch
|
bkelly
:
review+
|
Details | Diff | Splinter Review |
We now set CSP based on service worker script headers, but we still don't set referrer policy. We should fix that.
|
Assignee | |
Comment 1•7 years ago
|
||
Related to this we don't apply the referrer policy header to other worker scripts correctly. We currently do this on importScripts() in addition to the main worker script. That appears to be incorrect.
|
|
Assignee | |
Comment 3•7 years ago
|
||
Update wpt manifest.
Attachment #8839262 -
Attachment is obsolete: true
|
|
Assignee | |
Comment 4•7 years ago
|
||
Partial patch that converts some of the fetch referrer-policy tests to also run in service workers.
|
|
Assignee | |
Comment 5•7 years ago
|
||
Work-in-progress patch to fix the problem. Does not address comment 1 yet.
|
|
Assignee | |
Comment 6•7 years ago
|
||
I believe this addresses all the problems in this bug. I want to fix up the tests a bit more before flagging for review, though.
Attachment #8839275 -
Attachment is obsolete: true
|
|
Assignee | |
Comment 7•7 years ago
|
||
Attachment #8839274 -
Attachment is obsolete: true
|
|
Assignee | |
Comment 8•7 years ago
|
||
Attachment #8839266 -
Attachment is obsolete: true
|
|
Assignee | |
Comment 9•7 years ago
|
||
Attachment #8839296 -
Attachment is obsolete: true
|
|
Assignee | |
Comment 10•7 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=1a9c83f07ab9a48d6719423a400ae84fcff9b61e
|
|
Assignee | |
Comment 11•7 years ago
|
||
Comment on attachment 8839524 [details] [diff] [review] P1 Set referrer policy in service workers. r=baku This patch makes us apply the referrer-policy header to the WorkerPrivate for service workers coming out of CacheStorage in addition to the nsIChannel path. It also only sets the referrer-policy if we are operating on the main script. Previously we were incorrectly overriding the referrer-policy if an importScripts() had the header.
Attachment #8839524 -
Flags: review?(amarchesini)
|
|
Assignee | |
Comment 12•7 years ago
|
||
Comment on attachment 8839521 [details] [diff] [review] P2 Test that nested referrer policy from an importScripts() has no effect. r=baku This verifies that the nested importScripts() with a referrer-policy header does not affect the worker.
Attachment #8839521 -
Flags: review?(amarchesini)
|
|
Assignee | |
Comment 13•7 years ago
|
||
Comment on attachment 8839519 [details] [diff] [review] P3 Test referrer-policy in service workers. r=baku This expands the fetch tests to verify the referrer-policy works in service workers. Note, I had to adjust some of the URLs in the test files to account for the tests being run from an https origin in service worker tests vs an http origin in the other tests.
Attachment #8839519 -
Flags: review?(amarchesini)
|
||
Updated•7 years ago
|
Attachment #8839524 -
Flags: review?(amarchesini) → review+
|
|
||
Updated•7 years ago
|
Attachment #8839521 -
Flags: review?(amarchesini) → review+
|
|
||
Comment 14•7 years ago
|
||
Comment on attachment 8839519 [details] [diff] [review] P3 Test referrer-policy in service workers. r=baku Review of attachment 8839519 [details] [diff] [review]: ----------------------------------------------------------------- ::: testing/web-platform/meta/fetch/api/policies/referrer-origin-service-worker.https.html.ini @@ +1,5 @@ > +[referrer-origin-service-worker.https.html] > + type: testharness > + [Cross-origin referrer is overridden by client origin] > + expected: FAIL > + Do we have a follow up for this? Can we write the bug ID in case?
Attachment #8839519 -
Flags: review?(amarchesini) → review+
|
|
Assignee | |
Comment 15•7 years ago
|
||
(In reply to Andrea Marchesini [:baku] from comment #14) > Do we have a follow up for this? Can we write the bug ID in case? Yes, I think its covered by both bug 1341223 and bug 1298823.
|
|
Assignee | |
Comment 16•7 years ago
|
||
Attachment #8839519 -
Attachment is obsolete: true
Attachment #8840431 -
Flags: review+
|
|
Assignee | |
Comment 17•7 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=3e13b1c4286591585296a2dd116e37fa84045b37
|
||
Comment 18•7 years ago
|
||
Pushed by bkelly@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/a02f3229c14c P1 Set referrer policy in service workers. r=baku https://hg.mozilla.org/integration/mozilla-inbound/rev/b8ae4c3de328 P2 Test that nested referrer policy from an importScripts() has no effect. r=baku https://hg.mozilla.org/integration/mozilla-inbound/rev/88206a320746 P3 Test referrer-policy in service workers. r=baku
|
||
Comment 19•7 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/a02f3229c14c https://hg.mozilla.org/mozilla-central/rev/b8ae4c3de328 https://hg.mozilla.org/mozilla-central/rev/88206a320746
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox54:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla54
You need to log in
before you can comment on or make changes to this bug.
Description
•