-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Consider using Referrer Policy #135
Comments
I think here is an important thing: if policy is changed by us, it must be applied on AdGuard's side because site authors designed it to not to leak referrers. |
Here's some sites that may be affected by Referrer-Policy: |
This one to be precise: It seems that we should provide a core-libs specific way to deal with referrer-policy. |
What if we added a new basic rule modifier like this:
Which, in this case, would replace all Exceptions could work like this:
Since the referrer policy is sensitive to order (the latest policy understood by the browser is applied), and we can't preserve the order of rules when parsing them, we would have to introduce a gotcha such as "if multiple rules match the same request, only one of them is applied, unspecified which one". |
@ngorskikh Support of multi-values is really redundant because syntax of Referrer-Policy header allows multiple values, separated by commas with optional spaces. Multi-values are needed for matches to conveniently turning off some of them. In this case, this is too redundant, and also alters original header syntax. |
@sfionov
should replace the policy with the unescaped value of the modifier, and exceptions should work like this:
And, again, if multiple rules match the same request, only one of them (unspecified, which one) is applied. |
Looks good for me |
https://www.w3.org/TR/referrer-policy/
Relevant discussion:
https://forum.adguard.com/index.php?threads/sources-of-some-requests-were-not-identified.13260/
The text was updated successfully, but these errors were encountered: