Bug 1720294 - Part 1: Add a pref 'network.http.referer.disallowCrossSiteRelexingDefault'. r=ckerschb
author Tim Huang <tihuang@mozilla.com>
Thu, 29 Jul 2021 15:23:05 +0000
changeset 587021 4ddb82c5ddbbd9e6eee5005b0152176e3b05310e
parent 587020 5d6457f23f722173b407a09d042075c457e12556
child 587022 c67383d1e9b4ebfa1de0bb23718cb73276180848
push id 147113
push user tihuang@mozilla.com
push date Thu, 29 Jul 2021 15:27:00 +0000
reviewers ckerschb
bugs 1720294
milestone 92.0a1
Add a pref to control whether Firefox disallows relaxing the referrer policy for cross-site requests. If it's set, we will ignore 'unsafe-url', 'no-referrer-when-downgrade' and 'origin-when-cross-origin' for cross-site requests.

Differential Revision: https://phabricator.services.mozilla.com/D119971
modules/libpref/init/StaticPrefList.yaml
--- a/modules/libpref/init/StaticPrefList.yaml
+++ b/modules/libpref/init/StaticPrefList.yaml
@@ -9197,16 +9197,24 @@
 # unless overriden by the site.
 # 0=no-referrer, 1=same-origin, 2=strict-origin-when-cross-origin,
 # 3=no-referrer-when-downgrade.
 - name: network.http.referer.defaultPolicy.pbmode
   type: uint32_t
   value: 2
   mirror: always
 
+# Set to ignore referrer policies which is less restricted than the default for
+# cross-site requests, including 'unsafe-url', 'no-referrer-when-downgrade' and
+# 'origin-when-cross-origin'.
+- name: network.http.referer.disallowCrossSiteRelaxingDefault
+  type: bool
+  value: @IS_EARLY_BETA_OR_EARLIER@
+  mirror: always
+
 # Set the Private Browsing Default Referrer Policy applied to third-party
 # trackers when the default cookie policy is set to reject third-party
 # trackers, to be used unless overriden by the site.
 # 0=no-referrer, 1=same-origin, 2=strict-origin-when-cross-origin,
 # 3=no-referrer-when-downgrade.
 # No need to change this pref for trimming referrers from trackers since in
 # private windows we already trim all referrers to origin only.
 - name: network.http.referer.defaultPolicy.trackers.pbmode
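
Review bot: The comment added above network.http.referer.disallowCrossSiteRelaxingDefault says the listed policies are ignored for cross-site requests but not what is applied in their place; state which policy such a request ends up with (presumably the configured default, which is an assumption here since the hunk does not show it) and that "cross-site" is meant rather than "cross-origin". The wording should read "policies that are less restrictive than the default" instead of "which is less restricted". The commit title spells the pref "disallowCrossSiteRelexingDefault" while the entry added here is "disallowCrossSiteRelaxingDefault", so anyone copying the name from the commit message into about:config or an enterprise policy would set a pref that has no effect; the spelling in this file is the one to rely on. Because the value is @IS_EARLY_BETA_OR_EARLIER@, the comment could also note that the restriction is enabled only on Nightly and early Beta builds, so behaviour differs from Release until the value is changed.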