Closed Bug 1642591 Opened 4 years ago Closed 4 years ago

Consider not making referrer policy cause cache misses for images and CSS caches.

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla79
Tracking Flags:
Tracking Status
firefox79 --- fixed

People

(Reporter: emilio, Assigned: emilio)

References

Details

Attachments

(3 files)

Bug 1642591 - Don't make referrer policy a cache miss for sub-resource {pre,}loads. r=mayhemer!,tnikkel!
47 bytes, text/x-phabricator-request
Details | Review
Bug 1642591 - Remove two subtests that are no longer expected to pass. r=mayhemer
47 bytes, text/x-phabricator-request
Details | Review
Bug 1642591 - Fix image/test/unit/test_private_channel.js. r=tnikkel
47 bytes, text/x-phabricator-request
Details | Review 
annevk: btw, should referrer policy cause a cache miss here?
annevk: we clearly don't want to key off the referrer, the image cache seems it keys on the policy
annevk
emilio: I don't know; consistency with images does seem ideal if attainable
emilio: but I'd be okay with trying to remove referrer policy as a key for all
emilio
annevk: right, my question is whether it makes sense to have the policy as part of the key to begin with
annevk: smells like follow-up material then, will keep the policy as the key for now and then probably remove both or something
emilio: note that removing will require changes to HTML, so yeah, follow-up imo (unless non-trivial to add)

It seems like this affects also the script loader and so on.

Past discussion on this in bug 1174921 (for images).

Thanks Timothy!

Note that https://html.spec.whatwg.org/#the-list-of-available-images does not take it into account at least. Searching for "cache" on https://w3c.github.io/webappsec-referrer-policy/ yields nothing.

Severity: -- → S3
Depends on: 1646019

For preload we're already effectively not using it, I think, due to
bug 1642325.

For images, this matches the spec, see earlier comments in this bug and
https://bugzilla.mozilla.org/show_bug.cgi?id=1174921#c17. I think it
makes sense for other sub-resources to align as well.

Assignee: nobody → emilio
Status: NEW → ASSIGNED

I feel a bit torn about these because they test real (if obscure) issues
with the speculative loader... But it's not clear to me it's worth it to
add plumbing to only check referrer policy if the load is speculative,
and our behavior matches other browsers1.

This test fails already on central if you change this line:

https://searchfox.org/mozilla-central/rev/027893497316897b8f292bde48dbb6da2391a331/image/test/unit/test_private_channel.js#93

by:

Ci.nsIReferrerInfo.EMPTY

Because the previous part of the test populates the image cache. The
test wants to check that the channel for the image load is properly
flagged as private and thus that the http cache is partitioned
appropriately, thus clearing the image caches seems sane.

While at it, also fix it so that we send a valid image instead of base64
text, though that change is not technically needed so feel free to ask
me to remove it.

Pushed by ealvarez@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/bd0e0254827d Don't make referrer policy a cache miss for sub-resource {pre,}loads. r=mayhemer,tnikkel https://hg.mozilla.org/integration/autoland/rev/d1ad1625fbaf Remove two subtests that are no longer expected to pass. r=mayhemer https://hg.mozilla.org/integration/autoland/rev/82d4df065e00 Fix image/test/unit/test_private_channel.js. r=tnikkel

https://hg.mozilla.org/mozilla-central/rev/bd0e0254827d
https://hg.mozilla.org/mozilla-central/rev/d1ad1625fbaf
https://hg.mozilla.org/mozilla-central/rev/82d4df065e00

Status: ASSIGNED → RESOLVED
Closed: 4 years ago
status-firefox79: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla79
Regressions: 1648003
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: