Referrer policy is not honored by XHR and Fetch requests in web-worker.
Reported by
modi.kon...@gmail.com,
Nov 10 2017
Issue description

PRIVACY ISSUE
Referrer policy is not honored by XHR and Fetch requests in web-worker.

VERSION:
Chrome Version: Chrome/62.0.3202.89
Operating System: MAC

REPRODUCTION STEPS
Even if the tag <meta name="referrer" content="no-referrer"> is set, when a fetch or XHR request is made from a web-worker it still leaks the path of the URL.

I have set up a POC page: https://cdn.cliqz.com/browser-f/fun-demo/poc-referrer-check.html

It does 4 network requests:
1. XHR from webpage
2. Fetch from webpage
3. XHR from worker
4. Fetch from worker

While requests from web-page honor the referrer policy and do not send the referrer, this is not the same for requests originating from web-worker. They tend to send the domain + path until the last path, which is replaced by worker filename.

Expected result is that referrer is not sent at all.

I also tested in Incognito mode, the referrer is sent from web-worker.

I also tested other meta tags:
1. <meta name="referrer" content="origin"/>: Requests from web-page honor the referrer policy as expected. Requests from web-worker do not honor the referrer policy.
2. <meta name="referrer" content="same-origin" />: Requests from web-page honor the referrer policy as expected. Requests from web-worker do not honor the referrer policy.
Nov 10 2017

Nov 13 2017
horo: Is this new in Chrome 62? It could be off-main-thread fetch? Setting labels preemptively.
Nov 13 2017
No. Chrome doesn't use the page's referrer policy for workers even if chrome://flags/#enable-off-main-thread-fetch is disabled. To set the referrer policy for workers, we need to set the Referrer-Policy header of the worker script.

I think this behavior matches the worker spec.
https://html.spec.whatwg.org/multipage/workers.html#worker-processing-model:concept-workerglobalscope-referrer-policy
> Set worker global scope's referrer policy to the result of parsing the `Referrer-Policy` header of response.
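A server-side illustration of the point made in the comment above, added here as an example and not taken from the thread or from Chromium: the worker script's own response carries the `Referrer-Policy` header, since the page's meta tag does not apply to the worker. The file names, the port, the `DEMO_LISTEN` switch and the `example.test` URL are assumptions.

```javascript
// Added example, not Chromium or reporter code. The file names, port 8080 and
// the example.test URL are assumptions made for this sketch.
const WORKER_POLICY = 'no-referrer';

const FILES = {
  '/index.html': {
    type: 'text/html',
    // The meta tag governs requests made by the page itself only.
    body: '<meta name="referrer" content="no-referrer">' +
          '<script>new Worker("worker.js");</script>',
  },
  '/worker.js': {
    type: 'text/javascript',
    worker: true,
    body: 'fetch("https://example.test/ping");',
  },
};

// Build the response for a path. Worker scripts get the Referrer-Policy
// header, which is what the worker global scope parses its policy from.
function responseFor(path) {
  const file = FILES[path];
  if (!file) {
    return { status: 404, headers: { 'Content-Type': 'text/plain' }, body: 'not found' };
  }
  const headers = { 'Content-Type': file.type };
  if (file.worker) headers['Referrer-Policy'] = WORKER_POLICY;
  return { status: 200, headers, body: file.body };
}

// Node http-compatible request handler (query strings are ignored).
function handler(req, res) {
  const path = new URL(req.url, 'http://localhost').pathname;
  const { status, headers, body } = responseFor(path);
  res.writeHead(status, headers);
  res.end(body);
}

// Set DEMO_LISTEN=1 to serve on http://localhost:8080/index.html.
if (process.env.DEMO_LISTEN) {
  import('node:http').then((http) => http.createServer(handler).listen(8080));
}
```

With the server running, the worker's outgoing request can be inspected in the browser's network panel to confirm that no `Referer` header is sent.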
Comment 1 by msramek@chromium.org, Nov 10 2017
Labels: -Pri-3 Pri-2
Owner: falken@chromium.org
Status: Assigned (was: Untriaged)