(Translated by https://www.hiragana.jp/)
improve the example for no-referrer-when-downgrade policy by Thilak-KN · Pull Request #35997 · mdn/content · GitHub
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

improve the example for no-referrer-when-downgrade policy #35997

Merged
merged 9 commits into from
Sep 30, 2024
Merged

improve the example for no-referrer-when-downgrade policy #35997

merged 9 commits into from
Sep 30, 2024

Conversation

Thilak-KN
Copy link
Contributor

Description

Improves the example for no-referrer-when-downgrade referrer-policy.

Motivation

I was trying out examples given in the MDN docs, and wondered what happens if an HTTP page references a resource served over HTTPS/HTTP

Additional details

W3C webappsec-referrer-policy says, in case of no-referrer-when-downgrade policy, the referer header is added to the request if referrer-URL is a non-potentially trustworthy URL, regardless of the potential trustworthiness of referred-URL

I tested the following snippet to verify it from my local system

<!DOCTYPE html>
<html>
  <head>
    <title>no-referrer-when-downgrade test</title>
  </head>
  <body>
    <meta name="referrer" content="no-referrer-when-downgrade" />
    <a href="https://developer.mozilla.org/en-US/"> https://developer.mozilla.org/en-US/ </a><br>
    <a href="http://eu.httpbin.org/"> http://eu.httpbin.org/ </a><br>
  </body>
</html>

image
image

Related issues and pull requests

@Thilak-KN
docs(referrer-policy): improve the example of no-referrer-when-downgr…
d695cd1 
…ade referrer-policy

https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade
the specification allows Referer header to be added when the referrer-URL is a non-potentially trustworthy URL, regardless of the potential trustworthiness of referred-URL
@Thilak-KN
Merge remote-tracking branch 'upstream/main' into no-referrer-when-do…
fae4321 
…wngrade-add-example
@Thilak-KN Thilak-KN requested a review from a team as a code owner September 22, 2024 17:14
@Thilak-KN Thilak-KN requested review from hamishwillee and removed request for a team September 22, 2024 17:14
@github-actions github-actions bot added Content:HTTP HTTP docs size/s [PR only] 6-50 LoC changed labels Sep 22, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Sep 22, 2024
edited
Loading

Preview URLs

(comment last updated: 2024-09-30 04:37:38)

hamishwillee
hamishwillee approved these changes Sep 30, 2024
View reviewed changes
Copy link
Collaborator

@hamishwillee hamishwillee left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct. Thank you.

@hamishwillee hamishwillee merged commit 6935404 into mdn:main Sep 30, 2024
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hamishwillee hamishwillee hamishwillee approved these changes

Assignees
No one assigned
Labels
Content:HTTP HTTP docs size/s [PR only] 6-50 LoC changed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Thilak-KN @hamishwillee