Open
Bug 1552165
Opened 5 years ago
Updated 2 years ago
Evaluate to not to get referrer from principal
Categories
(Core :: DOM: Security, enhancement, P3)
Core
DOM: Security
Tracking
()
NEW
People
(Reporter: tnguyen, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-backlog1])
Attachments
(1 file)
https://searchfox.org/mozilla-central/rev/11cfa0462a6b5d8c5e2111b8cfddcf78098f0141/dom/base/nsContentUtils.cpp#8013
Getting referrer from principal seems not to be the right thing.
Idea to change:
https://bugzilla.mozilla.org/show_bug.cgi?id=1265961#c6
And one concern
|
Reporter | |
Updated•5 years ago
|
|
|
Reporter | |
Updated•5 years ago
|
Assignee: nobody → tnguyen
Status: NEW → ASSIGNED
Whiteboard: [domsecurity-backlog] → [domsecurity-active]
|
|
Reporter | |
Comment 1•5 years ago
|
||
This is error prone to get referrer from principal, particularly in xhr
workers. We could store referrerInfo in ClientInfo to use in worker
cases
|
||
Comment 2•5 years ago
|
||
Sorry for the lag, but please see questions in Phabricator review?
Flags: needinfo?(tnguyen)
|
|
Reporter | |
Comment 3•5 years ago
•
|
||
Thanks for looking at this. Keep my ni here I will go back to this bug next weeks.
|
|
Reporter | |
Comment 4•5 years ago
|
||
Annek open a new issue https://github.com/whatwg/html/issues/4926
Then we could have a better infrastructure of how we inherited referrer policy in various cases.
|
||
Updated•5 years ago
|
Assignee: tnguyen → nobody
Status: ASSIGNED → NEW
Priority: -- → P3
Whiteboard: [domsecurity-active] → [domsecurity-backlog1]
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•