canmove, Confirmed users
1,537
edits
Privacy/Features/Shortened HTTP Referer header: Difference between revisions
Privacy/Features/Shortened HTTP Referer header (view source)
Revision as of 18:35, 31 January 2014
, 31 January 2014no edit summary
No edit summary |
No edit summary |
||
| Line 20: | Line 20: | ||
This feature adds a way to attenuate the information that's sent as the referrer. This is multiple phases: | This feature adds a way to attenuate the information that's sent as the referrer. This is multiple phases: | ||
''Phase 1:'' Plumbing for global and site-specific control. In the first phase, we will create a global pref so power users and addons can select at most how much of the URL is sent as referrer, globally. Additionally, on a site-by-site basis (probably via permission manager) a referrer policy can be applied to override the global setting. | '''Phase 1:''' Plumbing for global and site-specific control. In the first phase, we will create a global pref so power users and addons can select at most how much of the URL is sent as referrer, globally. Additionally, on a site-by-site basis (probably via permission manager) a referrer policy can be applied to override the global setting. | ||
''Phase 2:'' Site-based control via CSP header and tag attributes. In the second phase, we enable sites to reduce the amount of data transmitted in referrers generated on their site. This is done by the site sending a signal with Content Security Policy response header indicating that outgoing referrers should be reduced. Stripping options should include the same options mentioned in phase 1. Sites will be able to specify a default policy for their pages, but we will also implement some per-link control (One mechanism could be to support [http://www.webkit.org/blog/907/webkit-nightlies-support-html5-noreferrer-link-relation/ the rel="noreferrer" attribute] to omit referers from link clicks, or similar). | '''Phase 2:''' Site-based control via CSP header and tag attributes. In the second phase, we enable sites to reduce the amount of data transmitted in referrers generated on their site. This is done by the site sending a signal with Content Security Policy response header indicating that outgoing referrers should be reduced. Stripping options should include the same options mentioned in phase 1. Sites will be able to specify a default policy for their pages, but we will also implement some per-link control (One mechanism could be to support [http://www.webkit.org/blog/907/webkit-nightlies-support-html5-noreferrer-link-relation/ the rel="noreferrer" attribute] to omit referers from link clicks, or similar). | ||
''Phase 3:'' Site-based control via meta tag. Once the CSP HTTP response header can be used to set a site policy, we will extend CSP to be settable via the meta tag. This way sites can specify a referrer policy without having to send an HTTP header. | '''Phase 3:''' Site-based control via meta tag. Once the CSP HTTP response header can be used to set a site policy, we will extend CSP to be settable via the meta tag. This way sites can specify a referrer policy without having to send an HTTP header. | ||
Note: Site-based control could be accomplished using the meta referrer tag, but we are opting to implement the same functionality in CSP to combine the security/privacy features. [http://wiki.whatwg.org/wiki/Meta_referrer See whatwg wiki] and see also {{bug|704320}}. | Note: Site-based control could be accomplished using the meta referrer tag, but we are opting to implement the same functionality in CSP to combine the security/privacy features. [http://wiki.whatwg.org/wiki/Meta_referrer See whatwg wiki] and see also {{bug|704320}}. | ||
''Phase 4:'' New Firefox defaults. Once sites have better control, we will decide how much to limit referrer sending by default (same-origin and cross-origin). Right now too much information is transmitted in referer headers, and we should reduce that to the extent possible. In this phase, we'll have an open discussion in [https://lists.mozilla.org/listinfo/dev-privacy dev-privacy] about what defaults to choose. | '''Phase 4:''' New Firefox defaults. Once sites have better control, we will decide how much to limit referrer sending by default (same-origin and cross-origin). Right now too much information is transmitted in referer headers, and we should reduce that to the extent possible. In this phase, we'll have an open discussion in [https://lists.mozilla.org/listinfo/dev-privacy dev-privacy] about what defaults to choose. | ||
''Phase 5:'' Extra bonus phase - UI for users to control how much referrer is sent on a global basis, likely in the privacy settings for Firefox. Additionally, per-site control in the permissions and siteinfo UI. This may not be necessary if Phase 4 is successful and there's not much referrer sending by default. | '''Phase 5:''' Extra bonus phase - UI for users to control how much referrer is sent on a global basis, likely in the privacy settings for Firefox. Additionally, per-site control in the permissions and siteinfo UI. This may not be necessary if Phase 4 is successful and there's not much referrer sending by default. | ||
See also: {{bug|587523}} | See also: {{bug|587523}} | ||
| Line 46: | Line 46: | ||
* This is not the Origin header | * This is not the Origin header | ||
|Feature functional spec=See also [http://www.whatwg.org/specs/web-apps/current-work/multipage/links.html#link-type-noreferrer the noreferrer link type] | |Feature functional spec=See also [http://www.whatwg.org/specs/web-apps/current-work/multipage/links.html#link-type-noreferrer the noreferrer link type] | ||
|Feature implementation plan=''Phase 1:'' | |Feature implementation plan='''Phase 1:''' | ||
* {{done|global default referrer policy via pref}} {{bug|822869}} | * {{done|global default referrer policy via pref}} {{bug|822869}} | ||
* {{new|site-specific setting via permission}} | * {{new|site-specific setting via permission}} | ||
''Phase 2:'' | '''Phase 2:''' | ||
* {{new|CSP referrer directive support}} {{bug|965727}} | * {{new|CSP referrer directive support}} {{bug|965727}} | ||
* {{new|noreferrer attribute for anchor tags}} {{bug|530396}} | * {{new|noreferrer attribute for anchor tags}} {{bug|530396}} | ||
* {{new|referrer (policy) attribute for anchor tags}} | * {{new|referrer (policy) attribute for anchor tags}} | ||
''Phase 3:'' | '''Phase 3:''' | ||
* {{new|meta tag support for CSP}} {{bug|663570}} | * {{new|meta tag support for CSP}} {{bug|663570}} | ||
''Phase 4:'' | '''Phase 4:''' | ||
* {{new|discussion in [https://lists.mozilla.org/listinfo/dev-privacy dev-privacy] about measuring success of new referrer defaults}} | * {{new|discussion in [https://lists.mozilla.org/listinfo/dev-privacy dev-privacy] about measuring success of new referrer defaults}} | ||
* {{new|discussion in [https://lists.mozilla.org/listinfo/dev-privacy dev-privacy] to choose new policy (and measurement of its effects)}} | * {{new|discussion in [https://lists.mozilla.org/listinfo/dev-privacy dev-privacy] to choose new policy (and measurement of its effects)}} | ||
* {{new|change global defaults for referrer}} | * {{new|change global defaults for referrer}} | ||
''Phase 5:'' | '''Phase 5:''' | ||
{{new|decide if this phase should be dropped or completed}} | * {{new|decide if this phase should be dropped or completed}} | ||
{{new|about:permissions and siteInfo UI for per-site referrer settings}} | * {{new|about:permissions and siteInfo UI for per-site referrer settings}} | ||
{{new|privacy settings pane UI for global referrer settings}} | * {{new|privacy settings pane UI for global referrer settings}} | ||
|Feature implementation notes=See above in Planning section for progress. Just some links here. | |Feature implementation notes=See above in Planning section for progress. Just some links here. | ||