1197465 - Session restore sends along a localhost referrer (http://localhost:56679/errors/error.html?url=…)

Status: RESOLVED FIXED

(Firefox for iOS :: General, defect)

Description

[Matthew N. [:MattN]]

I happened to be looking in my server logs and noticed FxiOS sending a referrer of "http://localhost:56679/errors/error.html?url=http%3A//www.example.com/" (after substituting the domain name) which IIUC is related to the session restore mechanism:
[20/Aug/2015:13:18:16 -0400] "GET / HTTP/1.1" 200 6339 "http://localhost:56679/errors/error.html?url=http%3A//www.example.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) FxiOS/1.0 Mobile/12H143 Safari/600.1.4"

If possible, we should suppress this referer header e.g. via Referrer Policy [1]

[1] https://w3c.github.io/webappsec/specs/referrer-policy/

Comment 1

[Richard Newman [:rnewman]]

We certainly should!

Comment 2

[Richard Newman [:rnewman]]

*shakes fist at WKWebView*

Comment 3

[Brian Nicholson (:bnicholson)]

Attachment: Link to Github pull-request: https://github.com/mozilla/firefox-ios/pull/982

Comment 4

[Richard Newman [:rnewman]]

Comment on attachment 8653798 [details] [review]
Link to Github pull-request: https://github.com/mozilla/firefox-ios/pull/982

Let's land this after the v1 split. It can be our first trial run of backporting a v1.0.5 fix to master.

Comment 5

[Richard Newman [:rnewman]]

bnicholson: you can land this in both branches at your leisure :)

Comment 6

[Brian Nicholson (:bnicholson)]

https://github.com/mozilla/firefox-ios/commit/fe5a2ac550870906e5d88e146c519d7c80cec7e5

v1.0: 1e3994790c6e710c8387f834ffe387f47b1c4023