Closed Bug 1329065 Opened 7 years ago Closed 7 years ago

Leak referrer information if the referrer policy is set to UnSet

Categories

(Core :: DOM: Security, defect)

Product:
Core
Component:
DOM: Security
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla53
Tracking Flags:
Tracking Status
firefox53 --- fixed

People

(Reporter: tnguyen, Assigned: tnguyen)

References

Details

Attachments

(1 file, 1 obsolete file)

Check the correct policy when setting referrer header
7.86 KB, patch
mcmanus
: review+
Details | Diff | Splinter Review 
Follow Bug 1304623 comment 36, if the referrer policy is set to unset, it passed all the checks and leak unsafe referrer information.
Blocks: 1304623
MozReview-Commit-ID: JG5DVBqGczS
Assignee: nobody → tnguyen
Status: NEW → ASSIGNED
MozReview-Commit-ID: JG5DVBqGczS
Attachment #8824310 - Attachment is obsolete: true
Comment on attachment 8824311 [details] [diff] [review]
Check the correct policy when setting referrer header

Hi Patrick
I have to change the flow of set referrer policy and add some missing tests for the case Unset.
Could you please take a look?
Attachment #8824311 - Flags: review?(mcmanus)
Attachment #8824311 - Flags: review?(mcmanus) → review+
Keywords: checkin-needed
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/9835378fead4
Check the correct policy when setting referrer header. r=mcmanus
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/9835378fead4
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox53: --- → fixed
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla53
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: