Project: chromium Issues People Development process History Sign in
New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.
Issue 508310 Meta referrer ignored for subresources
Starred by 5 users Reported by patrick....@github.com, Jul 8 2015 Back to list
Status: Fixed
Owner:
Closed: Jul 2015
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug



Sign in to add a comment
UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.132 Safari/537.36

Steps to reproduce the problem:
1. Visit a site with a meta referrer policy set
2. Observe that the policy is ignored for any subresources (JavaScript, CSS, etc).
3. Observe that the policy is followed for explicit navigation (clicking lins, etc)

What is the expected behavior?
The meta referrer policy should apply to all requests

What went wrong?
It is not clear why this is happening. But, it is possible that this bug is related to/is the same as the following:

https://code.google.com/p/chromium/issues/detail?id=402420
https://code.google.com/p/chromium/issues/detail?id=399593

Did this work before? N/A 

Chrome version: 43.0.2357.132  Channel: stable
OS Version: OS X 10.10.3
Flash Version: Shockwave Flash 18.0 r0

I pulled together a quick hello world site where you can see this behavior for various meta referrer policies: http://biasedcoin.com/meta-referrer-tests/
 
Comment 1 by jochen@chromium.org, Jul 10 2015
Cc: mkwst@chromium.org abarth@chromium.org
Issue 402420 has been merged into this issue.
Comment 2 by jochen@chromium.org, Jul 10 2015
Issue 399593 has been merged into this issue.
Comment 3 by jochen@chromium.org, Jul 10 2015
Cc: est...@chromium.org
Comment 4 by est...@chromium.org, Jul 10 2015
Labels: -OS-Mac OS-All Cr-Blink Cr-Blink-SecurityFeature
Owner: est...@chromium.org
Status: Assigned
Project Member Comment 5 by bugdroid1@chromium.org, Jul 16 2015
The following revision refers to this bug:
  http://src.chromium.org/viewvc/blink?view=rev&rev=198992

------------------------------------------------------------------
r198992 | estark@chromium.org | 2015-07-16T00:19:14.137962Z

Changed paths:
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/html/parser/PreloadRequest.h?r1=198992&r2=198991&pathrev=198992
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/html/parser/HTMLPreloadScanner.cpp?r1=198992&r2=198991&pathrev=198992
   M http://src.chromium.org/viewvc/blink/trunk/Source/platform/weborigin/SecurityPolicy.cpp?r1=198992&r2=198991&pathrev=198992
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/html/parser/CSSPreloadScanner.cpp?r1=198992&r2=198991&pathrev=198992
   A http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/referrer-policy-subresource.html?r1=198992&r2=198991&pathrev=198992
   A http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/resources/referrer-policy-script.php?r1=198992&r2=198991&pathrev=198992
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/html/parser/HTMLPreloadScanner.h?r1=198992&r2=198991&pathrev=198992
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/dom/Document.cpp?r1=198992&r2=198991&pathrev=198992
   M http://src.chromium.org/viewvc/blink/trunk/Source/platform/weborigin/SecurityPolicy.h?r1=198992&r2=198991&pathrev=198992
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/html/parser/CSSPreloadScanner.h?r1=198992&r2=198991&pathrev=198992
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/html/parser/PreloadRequest.cpp?r1=198992&r2=198991&pathrev=198992

Apply meta tag referrer policy for preloaded requests

When a referrer policy is discovered in a meta tag during a preload
scan, apply that policy to the document so that it will be used for
subsequent preloaded resource loads.

BUG= 508310 

Review URL: https://codereview.chromium.org/1235563004
-----------------------------------------------------------------
Comment 6 by tkent@chromium.org, Jul 17 2015
Labels: -Cr-Blink
Project Member Comment 7 by bugdroid1@chromium.org, Jul 17 2015
The following revision refers to this bug:
  http://src.chromium.org/viewvc/blink?view=rev&rev=199128

------------------------------------------------------------------
r199128 | estark@chromium.org | 2015-07-17T19:17:52.681364Z

Changed paths:
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/referrer-policy-subresource.html?r1=199128&r2=199127&pathrev=199128
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/resources/referrer-policy-script.php?r1=199128&r2=199127&pathrev=199128

Add test for subresource loading before meta referrer policy

Previously, this test checked that a meta referrer policy got applied to
subresources. Now it also tests that the meta referrer policy doesn't
apply to subresources loaded before the tag.

BUG= 508310 

Review URL: https://codereview.chromium.org/1236283006
-----------------------------------------------------------------
Comment 8 by est...@chromium.org, Jul 17 2015
Labels: M-46
Status: Fixed
Comment 9 by Deleted ...@, Aug 5 2015
You need a better code name for your bugs?
Sign in to add a comment