Skip to content

Strip referer to strict-origin-when-cross-origin in all cases #13464

New issue
New issue
Closed
brave/brave-core
#7591
Closed
Strip referer to strict-origin-when-cross-origin in all cases#13464
brave/brave-core
#7591
Assignees
iefremov
Labels
OS/AndroidFixes related to Android browser functionalityOS/DesktopQA Pass - Android ARMQA Pass - Android TabQA Pass-LinuxQA Pass-Win64QA Pass-macOSQA/Yesfeature/shieldsThe overall Shields feature in Brave.feature/shields/referrerrelease-notes/includerelease/blockingwebcompat/shieldsShields is breaking a website.
Milestone
1.19.x - Release
@pes10k

Description

@pes10k
pes10k
opened on Jan 11, 2021

This is a follow up to #13434 (which is no longer needed)

Brave currently completely strips the referrer on all cross origin top-frame navigations. This causes Brave to look like bots / fraud for some non-malicious systems (e.g., DDG and similar).

We should change Brave's referrer policy to cap at (i.e. send less when the page requests less, but cap and default to strict-origin-when-cross-origin)

Metadata

Metadata

Assignees

Labels

OS/AndroidFixes related to Android browser functionalityOS/DesktopQA Pass - Android ARMQA Pass - Android TabQA Pass-LinuxQA Pass-Win64QA Pass-macOSQA/Yesfeature/shieldsThe overall Shields feature in Brave.feature/shields/referrerrelease-notes/includerelease/blockingwebcompat/shieldsShields is breaking a website.

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions