Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Firefox and Safari now ignore "unsafe" referrer-policies #18232

Merged
merged 7 commits into from
Oct 19, 2023
Merged

Firefox and Safari now ignore "unsafe" referrer-policies #18232

merged 7 commits into from
Oct 19, 2023

Conversation

benediktwerner
Copy link
Contributor

Summary

Recent versions of Firefox and Safari ignore "unsafe" referer-policies like "unsafe-url".

Test results and supporting details

@github-actions github-actions bot added data:api Compat data for Web APIs. https://developer.mozilla.org/docs/Web/API data:html Compat data for HTML elements. https://developer.mozilla.org/docs/Web/HTML data:http Compat data for HTTP features. https://developer.mozilla.org/docs/Web/HTTP data:svg Compat data for SVG features. https://developer.mozilla.org/docs/Web/SVG labels Nov 17, 2022
@queengooborg
Copy link
Contributor

Hey there, thank you for your PR, and welcome to BCD! Apologies for the long delay in reviewing your PR, this one ended up getting buried in the other PRs we've had opened.

Just a quick question: where did you get the "13" for Safari from?

@benediktwerner
Copy link
Contributor Author

benediktwerner commented Feb 10, 2023
edited
Loading

Can't remember for certain anymore but I'm pretty sure I just tried it on different versions in browserstack.

Searching a bit more, it seems like caniuse actually also mentions it, citing https://webkit.org/blog/9661/preventing-tracking-prevention-tracking/ as the source which indicates 13.3 on iOS and 13.0.4 on Macs as the exact versions where it started getting ignored. I'll update the numbers.

@queengooborg
Copy link
Contributor

I trust CanIUse data, thanks for confirming!

@benediktwerner
Copy link
Contributor Author

Updated the iOS version to 13.3, not sure whether it's desired to desired to use 13.0.4 for Desktop or whether that's unnecessarily precise, looks like caniuse also just lists it as "13" (and 13.3 for iOS).

@queengooborg
Copy link
Contributor

"13" is perfect (see https://github.com/mdn/browser-compat-data/blob/main/docs/data-guidelines/index.md#choosing-a-version-number for the full explanation) -- I'll take another look at your PR tomorrow!

@benediktwerner
Copy link
Contributor Author

Hm, I guess the linter didn't like 13.3 for iOS. It seems correct though, the guidelines you posted say it should be the iOS version and iOS 13.3 definitely existed. Should I add it as a possible version or just revert it to "13"? Also feel free to directly modify my PR.

@queengooborg
Copy link
Contributor

Let's go ahead and revert Safari iOS to "13"; although technically this is partially incorrect, I don't think many BCD consumers will worry about minor versions from browser releases over three years old. ;P

@benediktwerner
Copy link
Contributor Author

True, done. (the commit date somehow got messed up so GitHub shows the commit further up ...)

Elchi3
Elchi3 reviewed Oct 19, 2023
View reviewed changes
Copy link
Member

@Elchi3 Elchi3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like this got never merged ooops

Elchi3
Elchi3 approved these changes Oct 19, 2023
View reviewed changes
Copy link
Member

@Elchi3 Elchi3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you and sorry for the incredible long wait.

@Elchi3 Elchi3 merged commit 18eb460 into mdn:main Oct 19, 2023
@Elchi3 Elchi3 mentioned this pull request Oct 25, 2023
Merged
Elchi3 added a commit to Elchi3/browser-compat-data that referenced this pull request Nov 14, 2023
@benediktwerner @Elchi3
Firefox and Safari now ignore "unsafe" referrer-policies (mdn#18232)
30b737a 
* Firefox and Safari now ignore "unsafe" referrer-policies

* Add __compat key

* Fix style

* iOS Safari removed them in 13.3

Source: https://webkit.org/blog/9661/preventing-tracking-prevention-tracking/

* Revert "iOS Safari removed them in 13.3"

This reverts commit 14840cf.

* Apply suggestions from code review

---------

Co-authored-by: Florian Scholz <fs@florianscholz.com>
@LeoMcA LeoMcA mentioned this pull request Feb 28, 2024
Merged
@BitcoinOutput BitcoinOutput mentioned this pull request Apr 6, 2024
Open
@adamlaska adamlaska mentioned this pull request Apr 6, 2024
Open
@Aknc34 Aknc34 mentioned this pull request Apr 6, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Elchi3 Elchi3 Elchi3 approved these changes

Assignees
No one assigned
Labels
data:api Compat data for Web APIs. https://developer.mozilla.org/docs/Web/API data:html Compat data for HTML elements. https://developer.mozilla.org/docs/Web/HTML data:http Compat data for HTTP features. https://developer.mozilla.org/docs/Web/HTTP data:svg Compat data for SVG features. https://developer.mozilla.org/docs/Web/SVG
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@benediktwerner @queengooborg @Elchi3