Closed
Bug 1424907
Opened 7 years ago
Closed 7 years ago
Sort out interaction of referrer policy with about:blank
Categories
(Core :: DOM: Security, enhancement)
Core
DOM: Security
Tracking
()
RESOLVED
INVALID
People
(Reporter: bzbarsky, Unassigned)
References
(Blocks 1 open bug)
Details
Consider a testcase like so:
<!DOCTYPE html>
<body>
<meta name="referrer" content="never">
<script>
w = function() {
var n = document.createElement("script");
return n.type = "text/javascript",
n.charset = "utf-8",
n.src = "something",
n
}
var n = document.createElement("iframe");
n.id = "intercom-frame";
n.style.display = "none";
var t = w();
n.onload = function() {
n.contentWindow.document.head.appendChild(t)
}
document.body.appendChild(n);
</script>
We seem to send the parent page's URL as the referrer for the script, but don't apply the parent page's referrer policy. We should either not use that URL or apply that page's referrer policy.
It's not clear to me what should be going on here per spec.
|
||
Comment 1•7 years ago
|
||
FWIW, I would be in favor of inheriting the referrer-policy for about:blank frames just like we do for origin, service worker controller, etc.
|
Reporter | |
Comment 2•7 years ago
|
||
> We seem to send the parent page's URL as the referrer for the script
Actually, I can't reproduce this anymore. Which makes sense, because I also couldn't find the mechanism that would make it work in Gecko.... Going to mark this invalid for now.Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•