Add referrerpolicy attribute support for <script> elements

RESOLVED FIXED in Firefox 65

Status

()

enhancement
P2
normal
RESOLVED FIXED
Last year
3 months ago

People

(Reporter: domfarolino, Assigned: tnguyen)

Tracking

({dev-doc-needed})

unspecified
mozilla65
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox65 fixed)

Details

Attachments

(3 attachments)

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36

Steps to reproduce:

The HTML Standard PR [1] is adding support for the referrerpolicy attribute on <script> elements. Check the PR for a link to the relevant WPTs (which atm, I have not yet started).

[1]: https://github.com/whatwg/html/pull/3678


Actual results:

Referrer + referrer policy of a request made by a <script> with the referrerpolicy attribute and a valid referrer policy value is not affected by the referrerpolicy attribute.


Expected results:

The referrer + referrer policy of said request should be influenced by the attr/value.
Status: UNCONFIRMED → NEW
Component: Untriaged → DOM: Core & HTML
Ever confirmed: true
Product: Firefox → Core
Priority: -- → P2
Assignee: nobody → tnguyen
Depends on: 1463039
Depends on: 1475130
No longer depends on: 1475130
The patch adds the support of referrerpolicy attribute in script element
and take the attribute into account when loading script.
Referrerpolicy attribute should be taken with high priority order than
mSpeculationReferrerPolicy
Pushed by tnguyen@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/045f98957a59
Part 1 - Speculative loading script should take referrerpolicy attribute in script element into account r=hsivonen
Pushed by tnguyen@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/3309aa6d27ee
Part 2 : Support referrerpolicy attribute in script HTMLScriptElement r=hsivonen
https://hg.mozilla.org/integration/autoland/rev/209069890e62
part 3: Update web-platform-tests r=hsivonen
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/14125 for changes under testing/web-platform/tests
Upstream web-platform-tests status checks passed, PR will merge once commit reaches central.
https://hg.mozilla.org/mozilla-central/rev/045f98957a59
https://hg.mozilla.org/mozilla-central/rev/3309aa6d27ee
https://hg.mozilla.org/mozilla-central/rev/209069890e62
Status: NEW → RESOLVED
Closed: 8 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla65
Upstream PR merged
Note to MDN writers:

I have added a note to the Fx65 rel notes to cover this:
https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/65#HTML

The pages for script/HTMLScriptElement still need updating, along with the compat data.

Thanks Chris
I think the empty string is not mentioned in the doc, that is the default and fallback value, https://www.w3.org/TR/referrer-policy/#referrer-policy-empty-string

Flags: needinfo?(tnguyen)

(In reply to Thomas Nguyen from comment #14)

Thanks Chris
I think the empty string is not mentioned in the doc, that is the default and fallback value, https://www.w3.org/TR/referrer-policy/#referrer-policy-empty-string

I've added a note to cover this to both the following:

https://developer.mozilla.org/en-US/docs/Web/API/HTMLScriptElement/referrerPolicy
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script

Does it look OK?

lgtm, thanks

(In reply to Chris Mills (Mozilla, MDN editor) [:cmills] from comment #15)

(In reply to Thomas Nguyen from comment #14)

Thanks Chris
I think the empty string is not mentioned in the doc, that is the default and fallback value, https://www.w3.org/TR/referrer-policy/#referrer-policy-empty-string

I've added a note to cover this to both the following:

https://developer.mozilla.org/en-US/docs/Web/API/HTMLScriptElement/referrerPolicy
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script

Does it look OK?

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy#Integration_with_HTML implies there is no support for <script>...

You need to log in before you can comment on or make changes to this bug.