Closed Bug 1560076 Opened 1 year ago Closed 1 year ago

Should pull Referrer-Policy from iframe if the referrer policy passed to fetch() inside is the empty string

Categories

(Core :: DOM: Security, enhancement)

enhancement
Not set
normal

Tracking

()

RESOLVED INVALID

People

(Reporter: junior, Unassigned)

Details

Fetch [1] 4.1.2.5 says:
"If request’s referrer policy is the empty string and request’s client is non-null, then set request’s referrer policy to request’s client’s referrer policy. "
[1] https://fetch.spec.whatwg.org/#main-fetch

Here's the test going to merge in web platform test.
https://github.com/web-platform-tests/wpt/pull/17280/files#diff-4ac023be6fea526c56e3c384fe32fa98R136

Please see fetchReferrerPolicyFromIframe, fetch should have pulled the RP from iframe.

I didn't realize yesterday, but I think the problem here might be that we use fetch from the wrong global in the test. If we did frame.contentWindow.fetch it'd likely do the right thing. (I thought the problem was that fetch() ignored the referrer policy completely, but that's not actually what is tested.)

Based on Comment 1
It works well at my side for frame.contentWindow.fetch

Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.