Referrer restrictions break "Cloud Run" buttons on GitHub
Categories: Core :: Privacy: Anti-Tracking, defect
People: Reporter: johannh, Assigned: timhuang
References: Blocks 1 open bug
Details: Whiteboard: [FXATPS-referrer-standard]
Attachments: 4 files
See https://github.community/t/chrome-85-breaks-referer/130039
STR:
- Go to https://github.com/jamesward/hello-netcat
- Press "Run on Google Cloud"
The following page seems to rely on the full referrer to know which repository to run. It does seem like they could easily embed that information in the URL, but they fixed it for Chrome by downgrading, so that means compat issues for us.
Comment 1 (Assignee) • 2 years ago
The patch adds two prefs to control whether we ignore the less
restricted referrer policies for top navigation. For Web compatibility,
we still need to allow less restricted referrer policies for top
navigations. We will allow it in the standard mode and still disallow it
in the strict mode and private browsing window.
Comment 2 (Assignee) • 2 years ago
This patch implements the code to allow less restricted referrer
policies for top navigation.
Depends on D141866
Comment 3 (Assignee) • 2 years ago
The patch modifies the browser_referrer_disallow_cross_site_relaxing.js
to test the pref for controlling the disallowing less restricted
referrer policies for top navigations.
Depends on D141867
Comment 4 (Assignee) • 2 years ago
This patch effectively enables the disallow relaxing referrer policies
for top navigations in ETP strict mode. It adds an ETP strict flag 'rpTop'
and sets it in the strict feature list.
Depends on D141868
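The behaviour described in Comments 1 to 4, as an added example that is not part of the patches or of Firefox's source: a simplified JavaScript model of the Referer value a cross-site top-level navigation sends in each mode. The mode labels, the set of policies treated as less restricted, the link's `no-referrer-when-downgrade` policy and the destination URL are assumptions; the source URL is the one from the STR.

```javascript
// Added example: simplified model, not Firefox source code.
const DEFAULT_POLICY = "strict-origin-when-cross-origin";
// Assumption: "less restricted" = policies that can send more than the default cross-site.
const LESS_RESTRICTED = new Set([
  "unsafe-url", "no-referrer-when-downgrade", "origin-when-cross-origin",
]);

// Crude site comparison (last two host labels); real browsers use the Public Suffix List.
const site = (u) => u.hostname.split(".").slice(-2).join(".");

// mode is a hypothetical label: "standard", "strict" (ETP strict) or "private".
function effectivePolicy(policy, from, to, mode) {
  const crossSite = site(from) !== site(to);
  const disallowRelaxing = mode === "strict" || mode === "private";
  return crossSite && disallowRelaxing && LESS_RESTRICTED.has(policy)
    ? DEFAULT_POLICY : policy;
}

// Referer header value for a top-level navigation ("" means no header is sent).
function topNavigationReferrer(fromUrl, toUrl, policy, mode) {
  const from = new URL(fromUrl), to = new URL(toUrl);
  const full = from.origin + from.pathname + from.search; // no fragment, no credentials
  const originOnly = from.origin + "/";
  const downgrade = from.protocol === "https:" && to.protocol !== "https:";
  const sameOrigin = from.origin === to.origin;
  switch (effectivePolicy(policy, from, to, mode)) {
    case "no-referrer": return "";
    case "unsafe-url": return full;
    case "no-referrer-when-downgrade": return downgrade ? "" : full;
    case "origin-when-cross-origin": return sameOrigin ? full : originOnly;
    case "strict-origin-when-cross-origin":
      return sameOrigin ? full : downgrade ? "" : originOnly;
    default: throw new Error("policy not modelled: " + policy);
  }
}

// Source URL is from the bug report; the destination URL is a constructed placeholder.
const SRC = "https://github.com/jamesward/hello-netcat";
const DST = "https://deploy.example/";
function demo() {
  return ["standard", "strict", "private"].map((mode) =>
    [mode, topNavigationReferrer(SRC, DST, "no-referrer-when-downgrade", mode)]);
}
console.log(demo());
```

In this model only the standard mode hands the destination the repository path; strict mode and private browsing reduce it to the origin, so a page that reads the repository from the referrer still breaks there.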
Pushed by tihuang@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/b55963e972fb
Part 1: Add prefs to control whether we ignore the less restricted referrer policies for top navigations. r=ckerschb,annevk
https://hg.mozilla.org/integration/autoland/rev/fe52cfda5c67
Part 2: Implementing allowing less restricted referrer policies for top navigation. r=ckerschb
https://hg.mozilla.org/integration/autoland/rev/6b98e6bb7b87
Part 3: Add tests in browser_referrer_disallow_cross_site_relaxing.js r=ckerschb
https://hg.mozilla.org/integration/autoland/rev/a31b6c3c190e
Part 4: Add disallow relaxing referrer policies for top navigation to the ETP strict list. r=anti-tracking-reviewers,preferences-reviewers,pbz
Comment 6 (bugherder) • 2 years ago
https://hg.mozilla.org/mozilla-central/rev/b55963e972fb
https://hg.mozilla.org/mozilla-central/rev/fe52cfda5c67
https://hg.mozilla.org/mozilla-central/rev/6b98e6bb7b87
https://hg.mozilla.org/mozilla-central/rev/a31b6c3c190e
Comment 7 • 2 years ago
Reproduced the issue on Firefox 95.0a1 (2021-10-06) under macOS 11.6.5 by using the STR provided in Comment 0.
The issue is fixed on Firefox 100.0 and 101.0a1. Tests were performed on macOS 11.6.5, Ubuntu 18.04 and Windows 11.