Yes, thank you. ________________________________________ From: [email protected] [[email protected]] on behalf of Jochen Eisinger [[email protected]] Sent: Tuesday, March 06, 2012 11:38 AM To: Joe Mason Cc: WebKit Development Subject: Re: [webkit-dev] Adding <meta name="referrer"> to WebCore
On Tue, Mar 6, 2012 at 5:31 PM, Joe Mason <[email protected]<mailto:[email protected]>> wrote: What happens if this extra plumbing isn't one? Is the tag just ignored? The ResourceRequest objects generated by WebCore will contain the correct header according to the referrer policy, e.g. if you click on a link, the generated ResourceRequest will have the "right" referrer header according to the policy. If you generate requests outside of WebCore, the header will have whatever value you set for it, e.g. in chromium, when you right click on a link and select "open in new tab", this would open a new tab with the default referrer policy which might be incorrect. To set the correct referrer header, I added the current frame's referrer policy to the context menu parameters that are passed over the chromium WebKit API, so the header for the request stemming from the context menu can now be set correctly. A port like Safari that uses WebKit to handle context menus won't have this problem, because the request is generated from within WebCore. Does that answer your question? best -jochen ________________________________________ From: [email protected]<mailto:[email protected]> [[email protected]<mailto:[email protected]>] on behalf of Jochen Eisinger [[email protected]<mailto:[email protected]>] Sent: Tuesday, March 06, 2012 10:58 AM To: WebKit Development Subject: [webkit-dev] Adding <meta name="referrer"> to WebCore Hey all, this is a belated announcement of the <meta name="referrer"> feature. It allows web sites to specify different policies for sending referrers, without resorting to ugly redirect hacks. This feature is currently a proposal: http://wiki.whatwg.org/wiki/Meta_referrer The implementation of the feature was tracked here: https://bugs.webkit.org/show_bug.cgi?id=72674 I'm sorry that this mail goes out after the feature has landed. Thank you, Maciej, for pointing this out. The feature is also not behind a flag. If any of the ports would prefer, I can add such a flag. In order to make the feature work with your port, you might need to add some extra plumbing. Here's a list of changes that were required for Chromium (AFAIK it works out of the box for Safari): - the chromium out-of-process network stack would enforce the referrer policy on redirects, so the referrer policy needed to be plumbed there - context menus in chromium are also out-of-process, so the referrer policy needed to be plumbed there for "open in new tab" etc - the tab navigation history in chromium is out-of-process, as well as storing the navigation history on disk for session restore, so the policy had to be plumbed there as well The feature is covered by layout tests in http/tests/security/referrer-policy-*html Looking forward to your comments best -jochen --------------------------------------------------------------------- This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful. --------------------------------------------------------------------- This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful. _______________________________________________ webkit-dev mailing list [email protected] http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
