New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 508310 link

Starred by 5 users

Issue metadata

Status: Fixed
Owner:
OOO (parental leave)
Closed: Jul 2015
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug



Sign in to add a comment

Meta referrer ignored for subresources

Reported by patrick....@github.com, Jul 8 2015

Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.132 Safari/537.36

Steps to reproduce the problem:
1. Visit a site with a meta referrer policy set
2. Observe that the policy is ignored for any subresources (JavaScript, CSS, etc).
3. Observe that the policy is followed for explicit navigation (clicking lins, etc)

What is the expected behavior?
The meta referrer policy should apply to all requests

What went wrong?
It is not clear why this is happening. But, it is possible that this bug is related to/is the same as the following:

https://code.google.com/p/chromium/issues/detail?id=402420
https://code.google.com/p/chromium/issues/detail?id=399593

Did this work before? N/A 

Chrome version: 43.0.2357.132  Channel: stable
OS Version: OS X 10.10.3
Flash Version: Shockwave Flash 18.0 r0

I pulled together a quick hello world site where you can see this behavior for various meta referrer policies: http://biasedcoin.com/meta-referrer-tests/
 

Comment 1 by jochen@chromium.org, Jul 10 2015

Cc: mkwst@chromium.org abarth@chromium.org
 Issue 402420  has been merged into this issue.

Comment 2 by jochen@chromium.org, Jul 10 2015

 Issue 399593  has been merged into this issue.

Comment 3 by jochen@chromium.org, Jul 10 2015

Cc: est...@chromium.org

Comment 4 by est...@chromium.org, Jul 10 2015

Labels: -OS-Mac OS-All Cr-Blink Cr-Blink-SecurityFeature
Owner: est...@chromium.org
Status: Assigned
Project Member

Comment 5 by bugdroid1@chromium.org, Jul 16 2015

The following revision refers to this bug:
  http://src.chromium.org/viewvc/blink?view=rev&rev=198992

------------------------------------------------------------------
r198992 | estark@chromium.org | 2015-07-16T00:19:14.137962Z

Changed paths:
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/html/parser/PreloadRequest.h?r1=198992&r2=198991&pathrev=198992
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/html/parser/HTMLPreloadScanner.cpp?r1=198992&r2=198991&pathrev=198992
   M http://src.chromium.org/viewvc/blink/trunk/Source/platform/weborigin/SecurityPolicy.cpp?r1=198992&r2=198991&pathrev=198992
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/html/parser/CSSPreloadScanner.cpp?r1=198992&r2=198991&pathrev=198992
   A http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/referrer-policy-subresource.html?r1=198992&r2=198991&pathrev=198992
   A http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/resources/referrer-policy-script.php?r1=198992&r2=198991&pathrev=198992
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/html/parser/HTMLPreloadScanner.h?r1=198992&r2=198991&pathrev=198992
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/dom/Document.cpp?r1=198992&r2=198991&pathrev=198992
   M http://src.chromium.org/viewvc/blink/trunk/Source/platform/weborigin/SecurityPolicy.h?r1=198992&r2=198991&pathrev=198992
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/html/parser/CSSPreloadScanner.h?r1=198992&r2=198991&pathrev=198992
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/html/parser/PreloadRequest.cpp?r1=198992&r2=198991&pathrev=198992

Apply meta tag referrer policy for preloaded requests

When a referrer policy is discovered in a meta tag during a preload
scan, apply that policy to the document so that it will be used for
subsequent preloaded resource loads.

BUG= 508310 

Review URL: https://codereview.chromium.org/1235563004
-----------------------------------------------------------------

Comment 6 by tkent@chromium.org, Jul 17 2015

Labels: -Cr-Blink
Project Member

Comment 7 by bugdroid1@chromium.org, Jul 17 2015

The following revision refers to this bug:
  http://src.chromium.org/viewvc/blink?view=rev&rev=199128

------------------------------------------------------------------
r199128 | estark@chromium.org | 2015-07-17T19:17:52.681364Z

Changed paths:
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/referrer-policy-subresource.html?r1=199128&r2=199127&pathrev=199128
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/resources/referrer-policy-script.php?r1=199128&r2=199127&pathrev=199128

Add test for subresource loading before meta referrer policy

Previously, this test checked that a meta referrer policy got applied to
subresources. Now it also tests that the meta referrer policy doesn't
apply to subresources loaded before the tag.

BUG= 508310 

Review URL: https://codereview.chromium.org/1236283006
-----------------------------------------------------------------

Comment 8 by est...@chromium.org, Jul 17 2015

Labels: M-46
Status: Fixed

Comment 9 by Deleted ...@, Aug 5 2015

You need a better code name for your bugs?

Sign in to add a comment