1460920 - Add referrerpolicy attribute support for <script> elements

Status: RESOLVED FIXED

(Core :: DOM: Core & HTML, enhancement, P2)

Description

[Dominic Farolino [:domfarolino]]

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36

Steps to reproduce:

The HTML Standard PR [1] is adding support for the referrerpolicy attribute on <script> elements. Check the PR for a link to the relevant WPTs (which atm, I have not yet started).

[1]: https://github.com/whatwg/html/pull/3678


Actual results:

Referrer + referrer policy of a request made by a <script> with the referrerpolicy attribute and a valid referrer policy value is not affected by the referrerpolicy attribute.


Expected results:

The referrer + referrer policy of said request should be influenced by the attr/value.

Comment 1

[Boris Zbarsky [:bzbarsky]]

See https://github.com/whatwg/html/pull/3678#issuecomment-388180369 for implementation notes.

Comment 2

[Thomas Nguyen (:tnguyen)]

Attachment: Bug 1460920 - Part 2 : Support referrerpolicy attribute in script HTMLScriptElement

The patch adds the support of referrerpolicy attribute in script element
and take the attribute into account when loading script.

Comment 3

[Thomas Nguyen (:tnguyen)]

Attachment: Bug 1460920 - Part 1 - Speculative loading script should take referrerpolicy attribute in script element into account

Referrerpolicy attribute should be taken with high priority order than
mSpeculationReferrerPolicy

Comment 4

[Thomas Nguyen (:tnguyen)]

Attachment: Bug 1460920 - part 3: Update web-platform-tests

Comment 5

[Thomas Nguyen (:tnguyen)]

https://treeherder.mozilla.org/#/jobs?repo=try&revision=cd6e99ce153213531c45f65e98a68e0c86521911

Comment 6

[Pulsebot]

Pushed by tnguyen@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/045f98957a59
Part 1 - Speculative loading script should take referrerpolicy attribute in script element into account r=hsivonen

Comment 7

[Pulsebot]

Pushed by tnguyen@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/3309aa6d27ee
Part 2 : Support referrerpolicy attribute in script HTMLScriptElement r=hsivonen
https://hg.mozilla.org/integration/autoland/rev/209069890e62
part 3: Update web-platform-tests r=hsivonen

Comment 8

[Web Platform Test Sync Bot (Matrix: #interop:mozilla.org)]

Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/14125 for changes under testing/web-platform/tests

Comment 9

[Web Platform Test Sync Bot (Matrix: #interop:mozilla.org)]

Upstream web-platform-tests status checks passed, PR will merge once commit reaches central.

Comment 10

[Daniel Varga [:dvarga]]

https://hg.mozilla.org/mozilla-central/rev/045f98957a59
https://hg.mozilla.org/mozilla-central/rev/3309aa6d27ee
https://hg.mozilla.org/mozilla-central/rev/209069890e62

Comment 11

[Web Platform Test Sync Bot (Matrix: #interop:mozilla.org)]

Upstream PR merged

Comment 12

[Chris Mills (Mozilla, MDN editor) [:cmills]]

Note to MDN writers:

I have added a note to the Fx65 rel notes to cover this:
https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/65#HTML

The pages for script/HTMLScriptElement still need updating, along with the compat data.

Comment 13

[Chris Mills (Mozilla, MDN editor) [:cmills]]

I've documented this:
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script
https://developer.mozilla.org/en-US/docs/Web/API/HTMLScriptElement
https://developer.mozilla.org/en-US/docs/Web/API/HTMLScriptElement/referrerPolicy

And filed a PR to add compat data for it:
https://github.com/mdn/browser-compat-data/pull/3301

Let me know if the docs look OK. Thanks!

Comment 14

[Thomas Nguyen (:tnguyen)]

Thanks Chris
I think the empty string is not mentioned in the doc, that is the default and fallback value, https://www.w3.org/TR/referrer-policy/#referrer-policy-empty-string

Comment 15

[Chris Mills (Mozilla, MDN editor) [:cmills]]

(In reply to Thomas Nguyen from comment #14)

Thanks Chris
I think the empty string is not mentioned in the doc, that is the default and fallback value, https://www.w3.org/TR/referrer-policy/#referrer-policy-empty-string

I've added a note to cover this to both the following:

https://developer.mozilla.org/en-US/docs/Web/API/HTMLScriptElement/referrerPolicy
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script

Does it look OK?

Comment 16

[Thomas Nguyen (:tnguyen)]

lgtm, thanks

Comment 17

[:ehsan akhgari]

(In reply to Chris Mills (Mozilla, MDN editor) [:cmills] from comment #15)

(In reply to Thomas Nguyen from comment #14)

Thanks Chris
I think the empty string is not mentioned in the doc, that is the default and fallback value, https://www.w3.org/TR/referrer-policy/#referrer-policy-empty-string

I've added a note to cover this to both the following:

https://developer.mozilla.org/en-US/docs/Web/API/HTMLScriptElement/referrerPolicy
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script

Does it look OK?

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy#Integration_with_HTML implies there is no support for <script>...