TPE SecEng/Referrer Policy
From MozillaWiki
Referrer Policy
References:
- Current W3C working draft: https://rawgit.com/w3c/webappsec-referrer-policy/master/index.html
- Web platform tests for referrer policy: https://github.com/w3c/web-platform-tests/tree/master/referrer-policy
- Web platform tests for fetch: https://github.com/w3c/web-platform-tests/tree/master/fetch
Main Engineers
- Franziskus Kiefer (SecEng, Berlin, Germany)
- Henry Chang (SecEng, Taipei, TW)
- Thomas Nguyen (SecEng, Taipei, TW)
Taipei Dashboard
Meta bugs
ID | Summary | Priority | Status |
---|---|---|---|
704320 | Implement <meta name="referrer"> | -- | RESOLVED |
999754 | [meta] implement referrer attribute for navigation and embedding elements | P2 | NEW |
2 Total; 1 Open (50%); 1 Resolved (50%); 0 Verified (0%);
Ship bugs
ID | Summary | Status | Target milestone | Resolution | Assigned to | Depends on | Blocks | Whiteboard |
---|---|---|---|---|---|---|---|---|
704320 | Implement <meta name="referrer"> | RESOLVED | mozilla36 | FIXED | Sid Stamm [:geekboy or :sstamm] | 1156107, 1166891, 1189364, 820466, 855443, 1073187, 1107694, 1110036, 1113431, 1113438, 1116880, 1124665, 1141142, 1161221, 1163743, 1168538, 1168540, 1174915, 1174921, 1185019, 1276836, 1279494 | 999754, 1091883, 1178101, 1185719, 61660, 965727, 1073184, 1100362, 1100609, 1101288, 1102599, 1103280, 1140638, 1165501, 1175736, 1184781, 1186308 | |
820466 | ###!!! ASSERTION: nsSSLStatus has null mServerCert or was called in the content process | RESOLVED | --- | DUPLICATE | 279923, 686248, 704320 | |||
855443 | Assertion failure in nsSHEntry.cpp:595 - multiple frames with multiple children | RESOLVED | mozilla36 | FIXED | Olli Pettay [:smaug][bugs@pettay.fi] | 1090918, 1244517 | 704320, 901876 | |
1073187 | add referrer policy support to Downloads.jsm | RESOLVED | mozilla59 | FIXED | Thomas Nguyen (:tnguyen) | 1420847, 1423501, 1428980 | 704320 | tpe-seceng, domsecurity-active |
1107694 | test_redundant_font_download.html fails on jemalloc3 builds | RESOLVED | mozilla37 | FIXED | Jonathan Kew [:jfkthame] | 704320, 762449 | ||
1110036 | "Save As" stops working from "Page Info" > "Media" pane. Progress of downloading is 0% forever | RESOLVED | Firefox 37 | FIXED | Philip Chee | 1105526 | 704320 | |
1113431 | <meta name="referrer"> is ignored for navigations from the context menu and via a middle-click | RESOLVED | Firefox 39 | FIXED | Alex Verstak | 1144816, 1145199 | 1178104, 704320, 1141142 | [adv-main38+] |
1113438 | <meta referrer> origin-when-crossorigin sets incorrect referrer | RESOLVED | mozilla37 | FIXED | Sid Stamm [:geekboy or :sstamm] | 1275247 | 704320 | |
1116880 | [e10s] [non-e10s] Pref 'view_source.editor.path' doesn't work | RESOLVED | mozilla37 | FIXED | (no longer active) | 1117109 | 516752, 704320 | |
1124665 | API changed for nsIWebBrowserPersist.saveURI in Firefox 36 beta? | RESOLVED | --- | WORKSFORME | 704320 | |||
1141142 | propagate referrer policy in android | RESOLVED | --- | INCOMPLETE | 1113431 | 704320 | [lang=js][bad first bug][tpe-seceng] | |
1156107 | <meta name=referrer> doesn't work when a popup created via target=_blank on a javascript: URI is navigated by that javascript: URI | NEW | --- | 704320 | ||||
1161221 | Split meta referrer tests | RESOLVED | mozilla41 | FIXED | Franziskus Kiefer [:franziskus] | 1163743 | 704320 | |
1163743 | (referrer policy) origin-when-crossorigin should have a hyphen in cross-origin | RESOLVED | mozilla41 | FIXED | Franziskus Kiefer [:franziskus] | 704320, 1161221 | ||
1166891 | Allow specifying a principal on XUL image elements and use that principal to do the image load (and maybe also a referrer policy?) | NEW | --- | 310165, 704320, 1119386 | ||||
1166910 | Implement <img> referrer attribute | RESOLVED | mozilla42 | FIXED | Franziskus Kiefer [:franziskus] | 999754, 1174913, 1175736 | ||
1168538 | CSP: Add compiled code test for referrer directive to TestCSPParser | RESOLVED | mozilla41 | FIXED | Franziskus Kiefer [:franziskus] | 704320 | ||
1168540 | [meta] WPT referrer policy tests | RESOLVED | --- | DUPLICATE | 663570, 1168933, 1169044, 1178337, 1186072, 1260664, 1261003, 1261298, 1270050, 1514399, 1520141 | 999754, 704320, 1223838 | [domsecurity-backlog] | |
1174913 | Implement <a> and <area> referrer attribute | RESOLVED | mozilla42 | FIXED | Franziskus Kiefer [:franziskus] | 1166910, 1185997 | 999754, 1175736 | |
1174915 | Allow dynamic changes of referrer policies | RESOLVED | mozilla43 | FIXED | Franziskus Kiefer [:franziskus] | 999754, 704320 | ||
1174921 | Reuse cached requests with different referrer policy | RESOLVED | --- | DUPLICATE | 1189364 | 999754, 704320 | ||
1175736 | Implement <iframe> referrer attribute | RESOLVED | mozilla42 | FIXED | Franziskus Kiefer [:franziskus] | 704320, 1166910, 1174913 | 999754 | |
1178337 | Valid referrer attribute values | RESOLVED | mozilla49 | FIXED | Henry Chang [:hchang] | 999754, 1168540, 1223838 | ||
1185019 | How to handle referer on cross-origin requests with redirection to same-origin | RESOLVED | --- | DUPLICATE | 999754, 663570, 704320 | [domsecurity-backlog] | ||
1187357 | Rename referrer attribute to referrerpolicy | RESOLVED | mozilla45 | FIXED | Franziskus Kiefer [:franziskus] | 999754, 1223838, 1261003 | ||
1189364 | Make referrer policies and network.http.sendRefererHeader play nicely | NEW | --- | 999754, 704320, 1174921 | tpe-seceng, domsecurity-backlog1 | |||
1223838 | Enable perElementReferrer by default | RESOLVED | mozilla50 | FIXED | Thomas Nguyen (:tnguyen) | 1168540, 1178337, 1187357, 1264165 | 999754 | |
1264165 | Implement <link> referrerpolicy attribute | RESOLVED | mozilla50 | FIXED | Thomas Nguyen (:tnguyen) | 999754, 1223838 | btpp-active | |
1276836 | Implement same-origin, strict-origin, strict-origin-when-cross-origin referrer policy | RESOLVED | mozilla52 | FIXED | Thomas Nguyen (:tnguyen) | 1305622, 1435582 | 587523, 704320, 1302421, 1304623 | [domsecurity-active] |
1279494 | Crash in mozilla::net::HttpBaseChannel::SetReferrerWithPolicy | RESOLVED | mozilla50 | FIXED | Thomas Nguyen (:tnguyen) | 704320 |
30 Total; 3 Open (10%); 27 Resolved (90%); 0 Verified (0%);