Closed Bug 1409602 Opened 7 years ago Closed 5 years ago

Check the usage of ReferrerPolicyFromString because "Determine token's Policy" spec was removed

Categories

(Core :: DOM: Security, defect, P2)

RESOLVED DUPLICATE of bug 1517703

People

(Reporter: tnguyen, Unassigned)

References

(Blocks 2 open bugs)

Details

(Whiteboard: [domsecurity-active])

See
https://searchfox.org/mozilla-central/rev/dca019c94bf3a840ed7ff50261483410cfece24f/netwerk/base/ReferrerPolicy.h#82

The spec has been removed, and it seems the method is only used in meta referrer.
We should scan the usage and then update.
Blocks: 1409600
The spec language has changed the section title to "Determine Request's referrer" apparently, but the spec has not been removed.
https://www.w3.org/TR/referrer-policy/#determine-requests-referrer

The referrer policy can be applied via HTTP header, a meta header, or an element attribute
https://www.w3.org/TR/referrer-policy/#referrer-policy-delivery

Is it worth fixing the comment for just that? Or am I misunderstanding the point of the bug?
Flags: needinfo?(tnguyen)
Thanks Dan for pointing it out.

(In reply to Daniel Veditz [:dveditz] from comment #1)
> The spec language has changed the section title to "Determine Request's
> referrer" apparently, but the spec has not been removed.
> https://www.w3.org/TR/referrer-policy/#determine-requests-referrer

No, they are not the same. The old removed spec, "Determine token's Policy", is how we parse a policy from a token string. Some parts of that are out of date.
I could give one example: the old spec allows us to use "never" and "default" in the Referrer-Policy header
https://www.w3.org/TR/2016/WD-referrer-policy-20160601/#determine-policy-for-token
But in the new spec, they should be invalid policies
https://www.w3.org/TR/referrer-policy/#referrer-policy-header

This is one example we have to fix in our codebase, and we may have to scan all the wrong usages of ReferrerPolicyFromString like that to make sure we are compliant with the spec. And I would like to change ReferrerPolicyFromString to something like ReferrerPolicyFromMeta to make it clearer.
Flags: needinfo?(tnguyen)
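
The header/meta distinction described in the comment above, as an added example (not Gecko code and not part of the bug thread). Function names are hypothetical; the legacy mapping for `never` and `default` follows the 2016 working draft linked in the comment, and the header rule (skip unrecognized tokens, last recognized one wins) follows the current spec's header section.

```cpp
#include <algorithm>
#include <cctype>
#include <iterator>
#include <sstream>
#include <string>

// Hypothetical helper names; this is not Gecko's ReferrerPolicy.h API.
// An empty string means "no policy", as in the spec.
static std::string TrimLower(std::string s) {
  auto notSpace = [](unsigned char c) { return !std::isspace(c); };
  s.erase(s.begin(), std::find_if(s.begin(), s.end(), notSpace));
  s.erase(std::find_if(s.rbegin(), s.rend(), notSpace).base(), s.end());
  std::transform(s.begin(), s.end(), s.begin(),
                 [](unsigned char c) { return std::tolower(c); });
  return s;
}

// Policy tokens defined by the current Referrer Policy spec.
static bool IsStandardToken(const std::string& t) {
  static const char* kTokens[] = {
      "no-referrer", "no-referrer-when-downgrade", "same-origin", "origin",
      "strict-origin", "origin-when-cross-origin",
      "strict-origin-when-cross-origin", "unsafe-url"};
  return std::any_of(std::begin(kTokens), std::end(kTokens),
                     [&](const char* k) { return t == k; });
}

// <meta name="referrer"> path: the two legacy keywords named in the bug
// are still mapped to their modern equivalents.
std::string PolicyFromMetaToken(const std::string& raw) {
  std::string t = TrimLower(raw);
  if (t == "never") return "no-referrer";
  if (t == "default") return "no-referrer-when-downgrade";
  return IsStandardToken(t) ? t : std::string();
}

// Referrer-Policy header path: comma-separated list; legacy and unknown
// tokens are skipped, and the last recognized token wins.
std::string PolicyFromHeader(const std::string& header) {
  std::string policy;
  std::istringstream in(header);
  std::string token;
  while (std::getline(in, token, ',')) {
    token = TrimLower(token);
    if (IsStandardToken(token)) policy = token;
  }
  return policy;
}
```

Routing a header value through the meta-style parser would silently turn `Referrer-Policy: never` into `no-referrer`, which is the kind of call site the bug asks to scan for.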
Assignee: nobody → tnguyen
Status: NEW → ASSIGNED
Priority: -- → P2
Whiteboard: [domsecurity-active]
Assignee: tnguyen → nobody
Status: ASSIGNED → NEW
Will fix it when refactoring.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE