Bug 266554 - Send Referer header on refresh. r=peterv,ckerschb,dom-core,smaug

This applies for refreshes resulting from either a `<meta>` refresh or the Refresh header. Referrer Policy is honored. Because exposing the referrer in a new place could have privacy implications, this behavior is gated behind a disabled pref until anti-tracking has been considered in bug 1928294. Some WPTs that D227450 touches are cleaned up a bit. Differential Revision: https://phabricator.services.mozilla.com/D227450
2024-11-14 16:27:34 +00:00
parent 2bd5ba9060
commit c71e404372
20 changed files with 478 additions and 22 deletions
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -5067,13 +5067,15 @@ nsDocShell::ForceRefreshURI(nsIURI* aURI, nsIPrincipal* aPrincipal,
    loadState->SetLoadType(LOAD_REFRESH);
  }

-  /* We mimic HTTP, which passes the original referrer.
-   * TODO(bug 266554): Send the referrer to the server (if allowed by referrer
-   * policy and tracking protection).
-   * See step 3 of
+  const bool sendReferrer = StaticPrefs::network_http_referer_sendFromRefresh();
+  /* The document's referrer policy is needed instead of mReferrerInfo's
+   * referrer policy.
+   */
+  const nsCOMPtr<nsIReferrerInfo> referrerInfo =
+      new ReferrerInfo(*doc, sendReferrer);
+  /* We mimic HTTP, which passes the original referrer. See step 3 of
   * <https://html.spec.whatwg.org/multipage/browsing-the-web.html#create-navigation-params-by-fetching>.
   */
-  const nsCOMPtr<nsIReferrerInfo> referrerInfo = new ReferrerInfo(*doc, false);
  loadState->SetReferrerInfo(referrerInfo);

  loadState->SetLoadFlags(