
http - Is the origin sent in the referer header when the current document establishes a "strict-origin" policy


I would like to know if the origin of the current document is sent in the referer header when it establishes a "strict-origin" policy and the protocol level improves.

For example:
The current document is http://example/index.html, it sets a referer policy of "strict-origin", then some requests are made to https://anotherexample/script.js.

I would like to know what will be the value of the referer in this particular case (note that the protocol level improves).

Regarding the documentation (https://developer.mozilla./en-US/docs/Web/HTTP/Reference/Headers/Referrer-Policy#strict-origin_2), it is not clear:

Thanks for your help,

Bests

asked Mar 19 at 12:37 by Antoine Hazebrouck

1 Answer

Looking at the spec, it seems referrer is always sent when referrerURL is non-trustworthy. So I believe the request would contain the referrer info.

The algo states:

Execute the statements corresponding to the value of policy:
Note: If request’s referrer policy is the empty string, Fetch will not call into this algorithm.

"strict-origin"

  1. If referrerURL is a potentially trustworthy URL and request’s current URL is not a potentially trustworthy URL, then return no referrer.

  2. Return referrerOrigin.

strict-origin-when-cross-origin means treating the request as strict-origin when it is cross-origin. And since this is cross-origin (HTTP to HTTPS), the behaviour should be the same as strict-origin. This means the ASCII serialization of the referrer should be sent.
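The two policy branches discussed above, modelled as an added example (not code from the question, the answer or the spec). The function names are hypothetical, and `isPotentiallyTrustworthy` is a simplified assumption that only covers secure schemes and loopback hosts.

```javascript
// Simplified assumption: secure schemes and loopback hosts only; the real
// "potentially trustworthy URL" definition covers more cases.
function isPotentiallyTrustworthy(url) {
  const u = new URL(url);
  if (u.protocol === "https:" || u.protocol === "wss:") return true;
  const host = u.hostname;
  return host === "localhost" || host.endsWith(".localhost") ||
         /^127(\.\d{1,3}){3}$/.test(host) || host === "[::1]";
}

const LOCAL_SCHEMES = ["about:", "blob:", "data:"];

// Origin-only referrer: scheme, host and port followed by "/".
function stripToOrigin(url) {
  const u = new URL(url);
  return LOCAL_SCHEMES.includes(u.protocol) ? null : u.origin + "/";
}

// Full referrer: credentials and fragment removed, path and query kept.
function stripFull(url) {
  const u = new URL(url);
  if (LOCAL_SCHEMES.includes(u.protocol)) return null;
  u.username = "";
  u.password = "";
  u.hash = "";
  return u.href;
}

// Returns the Referer header value, or null for "no referrer".
function computeReferrer(policy, referrerURL, requestURL) {
  // "Downgrade": trustworthy document requesting a non-trustworthy URL.
  const downgrade = isPotentiallyTrustworthy(referrerURL) &&
                    !isPotentiallyTrustworthy(requestURL);
  switch (policy) {
    case "strict-origin":
      return downgrade ? null : stripToOrigin(referrerURL);
    case "strict-origin-when-cross-origin":
      if (new URL(referrerURL).origin === new URL(requestURL).origin) {
        return stripFull(referrerURL);
      }
      return downgrade ? null : stripToOrigin(referrerURL);
    default:
      throw new Error("policy not modelled in this example: " + policy);
  }
}

// The question's case: HTTP document requesting an HTTPS script.
console.log(computeReferrer("strict-origin",
  "http://example/index.html", "https://anotherexample/script.js"));
```

Only the HTTPS-to-HTTP direction suppresses the header; the upgrade case in the question still sends the document's origin.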
