New issue
Advanced search Search tips

Issue 844322 link

Starred by 2 users

Issue metadata

Status: Assigned
Owner:
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Chrome , Mac , Fuchsia
Pri: 3
Type: Bug



Sign in to add a comment

Consider dropping support for legacy referrer policies

Project Member Reported by domfarolino@gmail.com, May 18 2018

Issue description

Right now the kReferrerPolicySupportLegacyKeywords enum member is used in a number of places that presumably took advantage of the referrer policy spec when it was first introduced. This allows for the support of legacy referrer policy keywords in weborigin/security_policy [1].

I'm updating the script element and script fetching in general to support referrer policies. For this, I'm not supporting legacy keywords (using the other enum member to indicate this), and neither do many other things that support referrer policy that have been added of late. I'm wondering if we could possibly, or if there are any plans to, remove the support for the legacy keywords update some of the older element and fetching code that uses legacy referrer policy keywords to no longer support these. Seems worth at least collecting data on and seeing if it might be safe to remove?

[1]: https://cs.chromium.org/chromium/src/third_party/blink/renderer/platform/weborigin/security_policy.h?l=44

 
Cc: -est...@chromium.org
Owner: est...@chromium.org
Status: Assigned (was: Unconfirmed)
Mac triage: assigning directly to estark@ for further triage.
Sounds, good, once this gets some more triage attention I'm happy to own it if that is alright with estark@, and submit necessary CLs etc.

Comment 3 by est...@chromium.org, Jun 13 2018

Cc: est...@chromium.org
Owner: domfarolino@gmail.com
I think it's worth getting some data on this, but I think we should be conservative about dropping support -- any existing uses of the legacy keywords will become privacy leaks if we stop supporting them.
Makes sense to me. I have yet to collect data but I’ll report back once I do, thanks.

Sign in to add a comment