Add a preference for trimming third-party referrers

RESOLVED FIXED in Firefox 52

Status

()

Core
Networking
RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: francois, Assigned: francois)

Tracking

unspecified
mozilla52
Points:
---

Firefox Tracking Flags

(firefox52 fixed)

Details

(Whiteboard: [necko-active[)

MozReview Requests

()

Submitter Diff Changes Open Issues Last Updated
Loading...
Error loading review requests:

Attachments

(1 attachment)

(Assignee)

Description

2 years ago
We currently have a number of preferences controlling the behavior of the Referer header:

- network.http.sendRefererHeader; when to send the header
- network.http.referer.trimmingPolicy: max amount of information it contains
- network.http.referer.XOriginPolicy: whether or not to send it cross-origin

Based on the work that was done around the Referrer Policy, we have given users the ability to force most policy states, except for one: strict-origin-when-cross-origin.

Given that this policy seems like the most promising one in terms of improving privacy while keeping breakage low, I would like to add a new pref to allow users to control the trimming of cross-origin referrers, independently of same-origin referrers: network.http.referer.XOriginTrimmingPolicy

This will allow us to investigate exposing some kind of meaningful Referrer control to users.
Comment hidden (mozreview-request)

Comment 2

2 years ago
mozreview-review
Comment on attachment 8798240 [details]
Bug 1307596 - Add a preference for trimming third-party referrers.

https://reviewboard.mozilla.org/r/83766/#review83188

::: modules/libpref/init/all.js:1454
(Diff revision 1)
>  pref("network.http.sendRefererHeader",      2);
>  // false=real referer, true=spoof referer (use target URI as referer)
>  pref("network.http.referer.spoofSource", false);
>  // 0=full URI, 1=scheme+host+port+path, 2=scheme+host+port
>  pref("network.http.referer.trimmingPolicy", 0);
> +// same as referer.trimmingPolicy but for cross-origin requests only

please repeat the line "// 0=full URI, 1=scheme+host+port+path, 2=scheme+host+port", just for readability. Thanks.
Attachment #8798240 - Flags: review?(dd.mozilla) → review+
Whiteboard: [necko-active[
Comment hidden (mozreview-request)

Comment 4

2 years ago
Pushed by fmarier@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/f90f136b1d03
Add a preference for trimming third-party referrers. r=dragana

Comment 5

2 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/f90f136b1d03
Status: ASSIGNED → RESOLVED
Last Resolved: 2 years ago
status-firefox52: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla52
You need to log in before you can comment on or make changes to this bug.