Open
Bug 1610450
Opened 5 years ago
Updated 3 years ago
Referrer Policy and about:blank/javascript: URL inheritance is broken
Categories
(Core :: DOM: Security, defect, P3)
Core
DOM: Security
Tracking
()
NEW
People
(Reporter: annevk, Unassigned)
References
(Blocks 2 open bugs)
Details
(Keywords: csectype-disclosure, sec-low, Whiteboard: [domsecurity-backlog1])
See the tests I added in https://github.com/web-platform-tests/wpt/pull/21232. We ought to copy the referrer policy from the document the script executes in, but instead we drop the policy altogether going back to the default.
Updated•5 years ago
|
Updated•5 years ago
|
Keywords: csectype-disclosure,
sec-low
Updated•4 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•