Strip xorigin top-level navigation referrers instead of spoofing #2260
GURL replacement_referrer_url; | ||
if (!is_main_frame) { | ||
// But iframe navigations get spoofed instead (brave/brave-browser#3988). | ||
replacement_referrer_url = request_url.GetOrigin(); |
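Review bot: at the declaration `GURL replacement_referrer_url;`, the main-frame case depends on the default-constructed empty GURL standing for "strip the referrer", and the only comment in these lines covers the iframe branch. Add a comment at the declaration saying that the empty value is intentional for main-frame navigations, so that a later change which initializes the variable does not silently bring the referrer back on top-level navigations.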
@fmarier Fine, I'm ok with the change. Just curious, does it weaken user privacy after all?
There are conflicts and test failures
conflicts & CI
Fixes brave/brave-browser#3422. This is based on the #2070 pull request which was committed in 501f4e0 and then reverted in 056ce15 because of brave/brave-browser#3988.
b73c679 to 737ba14
LGTM
Fixes brave/brave-browser#3422.
This is based on the #2070 pull request which was committed in 501f4e0 and then reverted in 056ce15 because of brave/brave-browser#3988.
Submitter Checklist:
npm test brave_unit_tests && npm test brave_browser_tests && npm run test-security
npm run lint
git rebase master (if needed).
git rebase -i to squash commits (if needed).
Test Plan:
This can be manually tested using https://fmarier.github.io/brave-testing/referrer-spoofing.html.