|Submitter||Diff||Changes||Open Issues||Last Updated|
|Error loading review requests:|
58 bytes, text/x-review-board-request
|Details | Review|
We currently have a number of preferences controlling the behavior of the Referer header: - network.http.sendRefererHeader; when to send the header - network.http.referer.trimmingPolicy: max amount of information it contains - network.http.referer.XOriginPolicy: whether or not to send it cross-origin Based on the work that was done around the Referrer Policy, we have given users the ability to force most policy states, except for one: strict-origin-when-cross-origin. Given that this policy seems like the most promising one in terms of improving privacy while keeping breakage low, I would like to add a new pref to allow users to control the trimming of cross-origin referrers, independently of same-origin referrers: network.http.referer.XOriginTrimmingPolicy This will allow us to investigate exposing some kind of meaningful Referrer control to users.
Comment on attachment 8798240 [details] Bug 1307596 - Add a preference for trimming third-party referrers. https://reviewboard.mozilla.org/r/83766/#review83188 ::: modules/libpref/init/all.js:1454 (Diff revision 1) > pref("network.http.sendRefererHeader", 2); > // false=real referer, true=spoof referer (use target URI as referer) > pref("network.http.referer.spoofSource", false); > // 0=full URI, 1=scheme+host+port+path, 2=scheme+host+port > pref("network.http.referer.trimmingPolicy", 0); > +// same as referer.trimmingPolicy but for cross-origin requests only please repeat the line "// 0=full URI, 1=scheme+host+port+path, 2=scheme+host+port", just for readability. Thanks.
Attachment #8798240 - Flags: review?(dd.mozilla) → review+
Pushed by firstname.lastname@example.org: https://hg.mozilla.org/integration/autoland/rev/f90f136b1d03 Add a preference for trimming third-party referrers. r=dragana
Status: ASSIGNED → RESOLVED
Last Resolved: 2 years ago
status-firefox52: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla52
You need to log in before you can comment on or make changes to this bug.