Issue 619228

Starred by 6 users

Issue metadata

Status: Fixed
Closed: Oct 2016
Pri: 3
Type: Launch-OWP

Blocked on:
issue 621248

Referrer-Policy HTTP header

Project Member Reported by est...@chromium.org, Jun 10 2016

Issue description

Change description:
The Referrer-Policy header allows pages to set a referrer policy by sending an HTTP response header. It is intended to eventually replace the 'referrer' directive in Content Security Policy.

Changes to API surface:
Addition of the Referrer-Policy HTTP header

Links:
Public standards discussion: https://w3c.github.io/webappsec-referrer-policy/

Support in other browsers:
Internet Explorer: no
Firefox: no
Safari: no

Comment 1 by est...@chromium.org, Jun 10 2016

Cc: jochen@chromium.org

Comment 2 by est...@chromium.org, Jun 17 2016

Blockedon: 621248

Comment 3 by bugdroid1@chromium.org, Jun 24 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/239c8bd69c319553a11b83041042cde6879deaab

commit 239c8bd69c319553a11b83041042cde6879deaab
Author: estark <estark@chromium.org>
Date: Fri Jun 24 20:24:07 2016

Implement Referrer-Policy header for workers

This CL adds (runtime-enabled) support for the Referrer-Policy header
when loading worker scripts. If a worker script is served with a
Referrer-Policy header, then that policy is used for requests that
the worker initiates. If no Referrer-Policy header is present, then
the worker gets the default referrer policy.

Intent to Implement: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/Umj9iVRJM70

BUG= 619228 

Review-Url: https://codereview.chromium.org/2086143006
Cr-Commit-Position: refs/heads/master@{#401953}

[add] https://crrev.com/239c8bd69c319553a11b83041042cde6879deaab/third_party/WebKit/LayoutTests/http/tests/security/referrerPolicyHeader/resources/save-referrer.php
[add] https://crrev.com/239c8bd69c319553a11b83041042cde6879deaab/third_party/WebKit/LayoutTests/http/tests/security/referrerPolicyHeader/resources/worker.php
[add] https://crrev.com/239c8bd69c319553a11b83041042cde6879deaab/third_party/WebKit/LayoutTests/http/tests/security/referrerPolicyHeader/shared-worker-with-header.html
[add] https://crrev.com/239c8bd69c319553a11b83041042cde6879deaab/third_party/WebKit/LayoutTests/http/tests/security/referrerPolicyHeader/worker-with-header.html
[add] https://crrev.com/239c8bd69c319553a11b83041042cde6879deaab/third_party/WebKit/LayoutTests/http/tests/serviceworker/referrer-policy-header.html
[add] https://crrev.com/239c8bd69c319553a11b83041042cde6879deaab/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-rewrite-worker.php
[add] https://crrev.com/239c8bd69c319553a11b83041042cde6879deaab/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/referrer-policy-iframe.html
[modify] https://crrev.com/239c8bd69c319553a11b83041042cde6879deaab/third_party/WebKit/Source/core/workers/DedicatedWorkerGlobalScope.cpp
[modify] https://crrev.com/239c8bd69c319553a11b83041042cde6879deaab/third_party/WebKit/Source/core/workers/InProcessWorkerBase.cpp
[modify] https://crrev.com/239c8bd69c319553a11b83041042cde6879deaab/third_party/WebKit/Source/core/workers/InProcessWorkerBase.h
[modify] https://crrev.com/239c8bd69c319553a11b83041042cde6879deaab/third_party/WebKit/Source/core/workers/InProcessWorkerMessagingProxy.cpp
[modify] https://crrev.com/239c8bd69c319553a11b83041042cde6879deaab/third_party/WebKit/Source/core/workers/SharedWorkerGlobalScope.cpp
[modify] https://crrev.com/239c8bd69c319553a11b83041042cde6879deaab/third_party/WebKit/Source/core/workers/WorkerScriptLoader.cpp
[modify] https://crrev.com/239c8bd69c319553a11b83041042cde6879deaab/third_party/WebKit/Source/core/workers/WorkerScriptLoader.h
[modify] https://crrev.com/239c8bd69c319553a11b83041042cde6879deaab/third_party/WebKit/Source/core/workers/WorkerThreadStartupData.cpp
[modify] https://crrev.com/239c8bd69c319553a11b83041042cde6879deaab/third_party/WebKit/Source/core/workers/WorkerThreadStartupData.h
[modify] https://crrev.com/239c8bd69c319553a11b83041042cde6879deaab/third_party/WebKit/Source/core/workers/WorkerThreadTest.cpp
[modify] https://crrev.com/239c8bd69c319553a11b83041042cde6879deaab/third_party/WebKit/Source/core/workers/WorkerThreadTestHelper.h
[modify] https://crrev.com/239c8bd69c319553a11b83041042cde6879deaab/third_party/WebKit/Source/modules/compositorworker/CompositorWorkerGlobalScope.cpp
[modify] https://crrev.com/239c8bd69c319553a11b83041042cde6879deaab/third_party/WebKit/Source/modules/compositorworker/CompositorWorkerThreadTest.cpp
[modify] https://crrev.com/239c8bd69c319553a11b83041042cde6879deaab/third_party/WebKit/Source/modules/serviceworkers/ServiceWorkerGlobalScope.cpp
[modify] https://crrev.com/239c8bd69c319553a11b83041042cde6879deaab/third_party/WebKit/Source/web/WebEmbeddedWorkerImpl.cpp
[modify] https://crrev.com/239c8bd69c319553a11b83041042cde6879deaab/third_party/WebKit/Source/web/WebSharedWorkerImpl.cpp

Comment 4 by bugdroid1@chromium.org, Jun 30 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/550ba7f9533922cfeac9709d99815cec9b2ad52a

commit 550ba7f9533922cfeac9709d99815cec9b2ad52a
Author: estark <estark@chromium.org>
Date: Thu Jun 30 00:20:16 2016

Apply Referrer-Policy header when following redirects

When a Referrer-Policy header is received during a redirect,
URLRequestJob parses it and updates the referrer and referrer policy on
the request, if necessary.

The Referrer-Policy header is being implemented as an experimental web
platform feature. The experimental web platform feature flag is plumbed
to URLRequestJob via a boolean on URLRequestContext. This flag should be
temporary and only live until the Referrer-Policy feature ships.

Intent to Implement: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/Umj9iVRJM70
Implementation plan: https://docs.google.com/document/d/1SyQhP6Y7BHIQXWL8S1saWqMuar4hoWLGigQuHmizg3g/edit

BUG= 619228 

Review-Url: https://codereview.chromium.org/2100583002
Cr-Commit-Position: refs/heads/master@{#403017}

[modify] https://crrev.com/550ba7f9533922cfeac9709d99815cec9b2ad52a/chrome/browser/profiles/profile_io_data.cc
[modify] https://crrev.com/550ba7f9533922cfeac9709d99815cec9b2ad52a/content/common/resource_messages.h
[modify] https://crrev.com/550ba7f9533922cfeac9709d99815cec9b2ad52a/content/shell/browser/layout_test/layout_test_url_request_context_getter.cc
[modify] https://crrev.com/550ba7f9533922cfeac9709d99815cec9b2ad52a/content/shell/browser/layout_test/layout_test_url_request_context_getter.h
[modify] https://crrev.com/550ba7f9533922cfeac9709d99815cec9b2ad52a/content/shell/browser/shell_url_request_context_getter.cc
[modify] https://crrev.com/550ba7f9533922cfeac9709d99815cec9b2ad52a/content/shell/browser/shell_url_request_context_getter.h
[modify] https://crrev.com/550ba7f9533922cfeac9709d99815cec9b2ad52a/ios/web/public/referrer_util_unittest.cc
[modify] https://crrev.com/550ba7f9533922cfeac9709d99815cec9b2ad52a/net/url_request/redirect_info.cc
[modify] https://crrev.com/550ba7f9533922cfeac9709d99815cec9b2ad52a/net/url_request/redirect_info.h
[modify] https://crrev.com/550ba7f9533922cfeac9709d99815cec9b2ad52a/net/url_request/url_request.cc
[modify] https://crrev.com/550ba7f9533922cfeac9709d99815cec9b2ad52a/net/url_request/url_request.h
[modify] https://crrev.com/550ba7f9533922cfeac9709d99815cec9b2ad52a/net/url_request/url_request_context.cc
[modify] https://crrev.com/550ba7f9533922cfeac9709d99815cec9b2ad52a/net/url_request/url_request_context.h
[modify] https://crrev.com/550ba7f9533922cfeac9709d99815cec9b2ad52a/net/url_request/url_request_job.cc
[modify] https://crrev.com/550ba7f9533922cfeac9709d99815cec9b2ad52a/net/url_request/url_request_job_unittest.cc
[add] https://crrev.com/550ba7f9533922cfeac9709d99815cec9b2ad52a/third_party/WebKit/LayoutTests/http/tests/security/referrerPolicyHeader/referrer-policy-redirect.php
[modify] https://crrev.com/550ba7f9533922cfeac9709d99815cec9b2ad52a/third_party/WebKit/LayoutTests/http/tests/security/referrerPolicyHeader/resources/header-test.js
[add] https://crrev.com/550ba7f9533922cfeac9709d99815cec9b2ad52a/third_party/WebKit/LayoutTests/http/tests/security/referrerPolicyHeader/resources/no-referrer-on-redirect.php
[add] https://crrev.com/550ba7f9533922cfeac9709d99815cec9b2ad52a/third_party/WebKit/LayoutTests/http/tests/security/referrerPolicyHeader/resources/postmessage-referrer.php
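
Added example (not part of the issue thread and not Chromium's code): a JavaScript model of the behaviour the worker and redirect commit messages above describe, following the Referrer Policy specification's algorithm rather than Chromium's URLRequestJob. The function names, the sample URLs and the https-only notion of a secure URL are assumptions.

```javascript
// Added illustration, not Chromium code. Policy names are those of the Referrer Policy spec.
const POLICIES = new Set(["no-referrer", "no-referrer-when-downgrade", "same-origin",
  "origin", "strict-origin", "origin-when-cross-origin",
  "strict-origin-when-cross-origin", "unsafe-url"]);

// Last recognised token of a Referrer-Policy header value; "" when the header
// is absent or names no known policy. Case-insensitive matching is an assumption.
function parseReferrerPolicy(headerValue) {
  let policy = "";
  for (const token of (headerValue || "").split(",")) {
    const t = token.trim().toLowerCase();
    if (POLICIES.has(t)) policy = t;
  }
  return policy;
}

// Worker case: the script response's header wins, otherwise the default applies.
const policyForWorker = (scriptHeader, defaultPolicy) =>
  parseReferrerPolicy(scriptHeader) || defaultPolicy;

// Referrer value sent to `target` for a request made by `source` under `policy`.
function computeReferrer(policy, source, target) {
  const src = new URL(source);
  const dst = new URL(target);
  src.username = ""; src.password = ""; src.hash = ""; // never sent in a referrer
  const full = src.href;
  const originOnly = src.origin + "/";
  const sameOrigin = src.origin === dst.origin;
  // Simplification (assumption): only https: URLs count as secure.
  const downgrade = src.protocol === "https:" && dst.protocol !== "https:";
  switch (policy) {
    case "no-referrer": return "";
    case "unsafe-url": return full;
    case "origin": return originOnly;
    case "same-origin": return sameOrigin ? full : "";
    case "origin-when-cross-origin": return sameOrigin ? full : originOnly;
    case "strict-origin": return downgrade ? "" : originOnly;
    case "strict-origin-when-cross-origin": return sameOrigin ? full : downgrade ? "" : originOnly;
    case "no-referrer-when-downgrade": return downgrade ? "" : full;
    default: throw new Error("unknown policy: " + policy);
  }
}

// Redirect case: a hop's header, if it parses, replaces the policy for the next request.
function followRedirects(request, hops) {
  let policy = request.policy;
  const sent = [];
  for (const hop of [{ location: request.url }, ...hops]) {
    policy = parseReferrerPolicy(hop.referrerPolicy) || policy;
    sent.push({ url: hop.location, referrer: computeReferrer(policy, request.source, hop.location) });
  }
  return sent;
}

// Constructed sample: an https page whose link redirects cross-site, then to http.
const SAMPLE_REQUEST = { source: "https://app.example/account?id=42#top",
  url: "https://app.example/out", policy: "no-referrer-when-downgrade" };
const SAMPLE_HOPS = [{ location: "https://cdn.example/a", referrerPolicy: "origin" },
  { location: "http://legacy.example/b", referrerPolicy: "bogus" }];
```

`followRedirects(SAMPLE_REQUEST, SAMPLE_HOPS)` returns one entry per request sent; the unrecognised `bogus` value on the second hop leaves the `origin` policy from the first hop in force.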

Comment 5 by bugdroid1@chromium.org, Jun 30 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ede2091f3f4a3a836e3e2efb13bd8c691a60f6d8

commit ede2091f3f4a3a836e3e2efb13bd8c691a60f6d8
Author: estark <estark@chromium.org>
Date: Thu Jun 30 02:58:53 2016

Revert of Apply Referrer-Policy header when following redirects (patchset #17 id:320001 of https://codereview.chromium.org/2100583002/ )

Reason for revert:
Broke msan tests https://build.chromium.org/p/chromium.memory.fyi/builders/Linux%20MSan%20Tests/builds/17218/steps/net_unittests%20on%20Ubuntu-12.04/logs/URLRequestJob.RedirectTransactionWithReferrerPolicyHeader

Original issue's description:
> Apply Referrer-Policy header when following redirects
>
> When a Referrer-Policy header is received during a redirect,
> URLRequestJob parses it and updates the referrer and referrer policy on
> the request, if necessary.
>
> The Referrer-Policy header is being implemented as an experimental web
> platform feature. The experimental web platform feature flag is plumbed
> to URLRequestJob via a boolean on URLRequestContext. This flag should be
> temporary and only live until the Referrer-Policy feature ships.
>
> Intent to Implement: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/Umj9iVRJM70
> Implementation plan: https://docs.google.com/document/d/1SyQhP6Y7BHIQXWL8S1saWqMuar4hoWLGigQuHmizg3g/edit
>
> BUG= 619228 
>
> Committed: https://crrev.com/550ba7f9533922cfeac9709d99815cec9b2ad52a
> Cr-Commit-Position: refs/heads/master@{#403017}

TBR=jochen@chromium.org,eugenebut@chromium.org,mmenke@chromium.org,palmer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= 619228 

Review-Url: https://codereview.chromium.org/2108423002
Cr-Commit-Position: refs/heads/master@{#403075}

[modify] https://crrev.com/ede2091f3f4a3a836e3e2efb13bd8c691a60f6d8/chrome/browser/profiles/profile_io_data.cc
[modify] https://crrev.com/ede2091f3f4a3a836e3e2efb13bd8c691a60f6d8/content/common/resource_messages.h
[modify] https://crrev.com/ede2091f3f4a3a836e3e2efb13bd8c691a60f6d8/content/shell/browser/layout_test/layout_test_url_request_context_getter.cc
[modify] https://crrev.com/ede2091f3f4a3a836e3e2efb13bd8c691a60f6d8/content/shell/browser/layout_test/layout_test_url_request_context_getter.h
[modify] https://crrev.com/ede2091f3f4a3a836e3e2efb13bd8c691a60f6d8/content/shell/browser/shell_url_request_context_getter.cc
[modify] https://crrev.com/ede2091f3f4a3a836e3e2efb13bd8c691a60f6d8/content/shell/browser/shell_url_request_context_getter.h
[modify] https://crrev.com/ede2091f3f4a3a836e3e2efb13bd8c691a60f6d8/ios/web/public/referrer_util_unittest.cc
[modify] https://crrev.com/ede2091f3f4a3a836e3e2efb13bd8c691a60f6d8/net/url_request/redirect_info.cc
[modify] https://crrev.com/ede2091f3f4a3a836e3e2efb13bd8c691a60f6d8/net/url_request/redirect_info.h
[modify] https://crrev.com/ede2091f3f4a3a836e3e2efb13bd8c691a60f6d8/net/url_request/url_request.cc
[modify] https://crrev.com/ede2091f3f4a3a836e3e2efb13bd8c691a60f6d8/net/url_request/url_request.h
[modify] https://crrev.com/ede2091f3f4a3a836e3e2efb13bd8c691a60f6d8/net/url_request/url_request_context.cc
[modify] https://crrev.com/ede2091f3f4a3a836e3e2efb13bd8c691a60f6d8/net/url_request/url_request_context.h
[modify] https://crrev.com/ede2091f3f4a3a836e3e2efb13bd8c691a60f6d8/net/url_request/url_request_job.cc
[modify] https://crrev.com/ede2091f3f4a3a836e3e2efb13bd8c691a60f6d8/net/url_request/url_request_job_unittest.cc
[delete] https://crrev.com/ee62ba686f5053bced5ef548edbb16948e9c278a/third_party/WebKit/LayoutTests/http/tests/security/referrerPolicyHeader/referrer-policy-redirect.php
[modify] https://crrev.com/ede2091f3f4a3a836e3e2efb13bd8c691a60f6d8/third_party/WebKit/LayoutTests/http/tests/security/referrerPolicyHeader/resources/header-test.js
[delete] https://crrev.com/ee62ba686f5053bced5ef548edbb16948e9c278a/third_party/WebKit/LayoutTests/http/tests/security/referrerPolicyHeader/resources/no-referrer-on-redirect.php
[delete] https://crrev.com/ee62ba686f5053bced5ef548edbb16948e9c278a/third_party/WebKit/LayoutTests/http/tests/security/referrerPolicyHeader/resources/postmessage-referrer.php

Comment 6 by bugdroid1@chromium.org, Jun 30 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/5588c741ac6256115b545d29a4d4a7e87b68dddd

commit 5588c741ac6256115b545d29a4d4a7e87b68dddd
Author: estark <estark@chromium.org>
Date: Thu Jun 30 19:21:54 2016

Reland of Apply Referrer-Policy header when following redirects (patchset #1 id:1 of https://codereview.chromium.org/2108423002/ )

Reason for revert:
Relanding after fixing uninitialized |read_handler| field in MockTransaction

Original issue's description:
> Revert of Apply Referrer-Policy header when following redirects (patchset #17 id:320001 of https://codereview.chromium.org/2100583002/ )
>
> Reason for revert:
> Broke msan tests https://build.chromium.org/p/chromium.memory.fyi/builders/Linux%20MSan%20Tests/builds/17218/steps/net_unittests%20on%20Ubuntu-12.04/logs/URLRequestJob.RedirectTransactionWithReferrerPolicyHeader
>
> Original issue's description:
> > Apply Referrer-Policy header when following redirects
> >
> > When a Referrer-Policy header is received during a redirect,
> > URLRequestJob parses it and updates the referrer and referrer policy on
> > the request, if necessary.
> >
> > The Referrer-Policy header is being implemented as an experimental web
> > platform feature. The experimental web platform feature flag is plumbed
> > to URLRequestJob via a boolean on URLRequestContext. This flag should be
> > temporary and only live until the Referrer-Policy feature ships.
> >
> > Intent to Implement: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/Umj9iVRJM70
> > Implementation plan: https://docs.google.com/document/d/1SyQhP6Y7BHIQXWL8S1saWqMuar4hoWLGigQuHmizg3g/edit
> >
> > BUG= 619228 
> >
> > Committed: https://crrev.com/550ba7f9533922cfeac9709d99815cec9b2ad52a
> > Cr-Commit-Position: refs/heads/master@{#403017}
>
> TBR=jochen@chromium.org,eugenebut@chromium.org,mmenke@chromium.org,palmer@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG= 619228 
>
> Committed: https://crrev.com/ede2091f3f4a3a836e3e2efb13bd8c691a60f6d8
> Cr-Commit-Position: refs/heads/master@{#403075}

TBR=jochen@chromium.org,eugenebut@chromium.org,mmenke@chromium.org,palmer@chromium.org
BUG= 619228 

Review-Url: https://codereview.chromium.org/2111623003
Cr-Commit-Position: refs/heads/master@{#403245}

[modify] https://crrev.com/5588c741ac6256115b545d29a4d4a7e87b68dddd/chrome/browser/profiles/profile_io_data.cc
[modify] https://crrev.com/5588c741ac6256115b545d29a4d4a7e87b68dddd/content/common/resource_messages.h
[modify] https://crrev.com/5588c741ac6256115b545d29a4d4a7e87b68dddd/content/shell/browser/layout_test/layout_test_url_request_context_getter.cc
[modify] https://crrev.com/5588c741ac6256115b545d29a4d4a7e87b68dddd/content/shell/browser/layout_test/layout_test_url_request_context_getter.h
[modify] https://crrev.com/5588c741ac6256115b545d29a4d4a7e87b68dddd/content/shell/browser/shell_url_request_context_getter.cc
[modify] https://crrev.com/5588c741ac6256115b545d29a4d4a7e87b68dddd/content/shell/browser/shell_url_request_context_getter.h
[modify] https://crrev.com/5588c741ac6256115b545d29a4d4a7e87b68dddd/ios/web/public/referrer_util_unittest.cc
[modify] https://crrev.com/5588c741ac6256115b545d29a4d4a7e87b68dddd/net/url_request/redirect_info.cc
[modify] https://crrev.com/5588c741ac6256115b545d29a4d4a7e87b68dddd/net/url_request/redirect_info.h
[modify] https://crrev.com/5588c741ac6256115b545d29a4d4a7e87b68dddd/net/url_request/url_request.cc
[modify] https://crrev.com/5588c741ac6256115b545d29a4d4a7e87b68dddd/net/url_request/url_request.h
[modify] https://crrev.com/5588c741ac6256115b545d29a4d4a7e87b68dddd/net/url_request/url_request_context.cc
[modify] https://crrev.com/5588c741ac6256115b545d29a4d4a7e87b68dddd/net/url_request/url_request_context.h
[modify] https://crrev.com/5588c741ac6256115b545d29a4d4a7e87b68dddd/net/url_request/url_request_job.cc
[modify] https://crrev.com/5588c741ac6256115b545d29a4d4a7e87b68dddd/net/url_request/url_request_job_unittest.cc
[add] https://crrev.com/5588c741ac6256115b545d29a4d4a7e87b68dddd/third_party/WebKit/LayoutTests/http/tests/security/referrerPolicyHeader/referrer-policy-redirect.php
[modify] https://crrev.com/5588c741ac6256115b545d29a4d4a7e87b68dddd/third_party/WebKit/LayoutTests/http/tests/security/referrerPolicyHeader/resources/header-test.js
[add] https://crrev.com/5588c741ac6256115b545d29a4d4a7e87b68dddd/third_party/WebKit/LayoutTests/http/tests/security/referrerPolicyHeader/resources/no-referrer-on-redirect.php
[add] https://crrev.com/5588c741ac6256115b545d29a4d4a7e87b68dddd/third_party/WebKit/LayoutTests/http/tests/security/referrerPolicyHeader/resources/postmessage-referrer.php

Comment 7 by bugdroid1@chromium.org, Oct 10 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1c7f4eba31fca673ed6adbfd2f7e2f04394da590

commit 1c7f4eba31fca673ed6adbfd2f7e2f04394da590
Author: estark <estark@chromium.org>
Date: Mon Oct 10 21:07:06 2016

Ship Referrer-Policy header

Intent to Ship: https://groups.google.com/a/chromium.org/d/msg/blink-dev/y4a1OWfMzN0/XFBIp_GIBgAJ

BUG= 619228 

Review-Url: https://codereview.chromium.org/2399643002
Cr-Commit-Position: refs/heads/master@{#424236}

[modify] https://crrev.com/1c7f4eba31fca673ed6adbfd2f7e2f04394da590/chrome/browser/profiles/profile_io_data.cc
[modify] https://crrev.com/1c7f4eba31fca673ed6adbfd2f7e2f04394da590/content/shell/browser/layout_test/layout_test_url_request_context_getter.cc
[modify] https://crrev.com/1c7f4eba31fca673ed6adbfd2f7e2f04394da590/content/shell/browser/layout_test/layout_test_url_request_context_getter.h
[modify] https://crrev.com/1c7f4eba31fca673ed6adbfd2f7e2f04394da590/content/shell/browser/shell_url_request_context_getter.cc
[modify] https://crrev.com/1c7f4eba31fca673ed6adbfd2f7e2f04394da590/content/shell/browser/shell_url_request_context_getter.h
[modify] https://crrev.com/1c7f4eba31fca673ed6adbfd2f7e2f04394da590/net/url_request/url_request_context.cc
[modify] https://crrev.com/1c7f4eba31fca673ed6adbfd2f7e2f04394da590/net/url_request/url_request_context.h
[modify] https://crrev.com/1c7f4eba31fca673ed6adbfd2f7e2f04394da590/net/url_request/url_request_job.cc
[modify] https://crrev.com/1c7f4eba31fca673ed6adbfd2f7e2f04394da590/net/url_request/url_request_job_unittest.cc
[modify] https://crrev.com/1c7f4eba31fca673ed6adbfd2f7e2f04394da590/third_party/WebKit/Source/core/loader/FrameLoader.cpp
[modify] https://crrev.com/1c7f4eba31fca673ed6adbfd2f7e2f04394da590/third_party/WebKit/Source/core/workers/WorkerScriptLoader.cpp
[modify] https://crrev.com/1c7f4eba31fca673ed6adbfd2f7e2f04394da590/third_party/WebKit/Source/platform/RuntimeEnabledFeatures.in

Comment 8 by est...@chromium.org, Oct 10 2016

Labels: -M-53 M-56
Status: Fixed (was: Assigned)

Firefox has an option "network.http.referer.userControlPolicy" which allows setting the default referrer policy. Does such an option exist in Chromium as well?

Chromium has a command line option --no-referrers to disable sending referrers.