Closed Bug 1475130 Opened 7 years ago Closed 7 years ago

Speculative loading does not check Referrer-Policy header

Tracking

()

Status:

RESOLVED INVALID

People

(Reporter: tnguyen, Unassigned)

Details

Thomas Nguyen (:tnguyen)

Reporter

Description

•

7 years ago

Speculative loading only scans and uses referrer from <meta referrer>, but did not check referrer from Referrer-Policy header. So there would be the case, document loading gets Referrer-Policy header but no <meta referrer>. Then, the first request (speculative loading) will use default referrer policy, and the second request uses the referrer policy from Referrer-Policy header. The comparison check will decide not to use the first one, but make the request again, for example https://searchfox.org/mozilla-central/rev/a80651653faa78fa4dfbd238d099c2aad1cec304/dom/script/ScriptLoader.cpp#1627

Thomas Nguyen (:tnguyen)

Reporter

Updated

•

7 years ago

Blocks: 1460920

Thomas Nguyen (:tnguyen)

Reporter

Updated

•

7 years ago

Blocks: 1408263

Thomas Nguyen (:tnguyen)

Reporter

Updated

•

7 years ago

No longer blocks: 1408263, 1460920

Status: NEW → RESOLVED

Closed: 7 years ago

Resolution: --- → INVALID

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Speculative loading does not check Referrer-Policy header

Categories

(Core :: DOM: Security, enhancement)

Tracking

()

People

(Reporter: tnguyen, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated