At the moment we pass a referrerURI as well as a referrer-policy between frontend and backend. Code for figuring out what referrer to actually send with a request is duplicated. It would be nice to encapsulate all of that information into a class which you then can ask question like: * what is the full referrer? * what referrer should I send with that request (based on the policy) All of that could then happen in an 'security by default' like style to guarantee we have the same referrer premises for all of the loads.
Priority: -- → P3
Thomas had a lot of experience working on Referrer Policy. He might be able to help this.
Summary: Refactor Referrer Policy setup → [meta] Refactor Referrer Policy setup
Whiteboard: [domsecurity-backlog1] → [domsecurity-meta]
Assignee: nobody → tnguyen
Status: NEW → ASSIGNED
Type: enhancement → task
You need to log in before you can comment on or make changes to this bug.