Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider using Referrer Policy #135

Closed
ameshkov opened this issue Nov 30, 2017 · 7 comments
Closed

Consider using Referrer Policy #135

ameshkov opened this issue Nov 30, 2017 · 7 comments
Assignees
@ngorskikh
Labels
Feature request Filtering Engine Medium Priority: P3 Resolution: Fixed Status: Closed Version: CoreLibs v1.12
Milestone
v1.7

Comments

@ameshkov
Copy link
Member

https://www.w3.org/TR/referrer-policy/

Relevant discussion:
https://forum.adguard.com/index.php?threads/sources-of-some-requests-were-not-identified.13260/
@ameshkov ameshkov mentioned this issue Nov 30, 2017
Closed
@sfionov
Copy link
Member

sfionov commented Dec 4, 2017

I think here is an important thing: if policy is changed by us, it must be applied on AdGuard's side because site authors designed it to not to leak referrers.

@sfionov sfionov added this to the v1.6 milestone Oct 16, 2019
@sfionov sfionov self-assigned this Oct 16, 2019
@ameshkov ameshkov modified the milestones: v1.6, v1.7 Dec 18, 2019
@adguard-bot adguard-bot modified the milestones: v1.8, v1.7 Mar 24, 2021
@sfionov
Copy link
Member

sfionov commented Feb 17, 2022

Here's some sites that may be affected by Referrer-Policy:

AdguardTeam/Scriptlets#196

@ameshkov
Copy link
Member Author

This one to be precise:
AdguardTeam/AdguardFilters#109135

It seems that we should provide a core-libs specific way to deal with referrer-policy.
Something like ||example.org^$referrer-policy=blahblah

@ameshkov ameshkov mentioned this issue Oct 12, 2022
Closed
@adguard-bot adguard-bot assigned ngorskikh and unassigned sfionov Apr 14, 2023
@ngorskikh
Copy link
Member

@ameshkov

What if we added a new basic rule modifier like this:

||example.org^$referrerpolicy=one|two|three

Which, in this case, would replace all Referrer-Policy headers (or add one, if none are present), and replace the content of <meta name="referrer"> tag with the policy one,two,three.

Exceptions could work like this:

||example.org^$referrerpolicy=one|two|three

! Remove the policies "one" and "two" from the patched value
@@||example.org^$referrerpolicy=one|two

! Completely disable referrerpolicy rules on matching requests
@@||example.org^$referrerpolicy

! Completely disable the $referrerpolicy=one|two|three rule
@@||example.org^$referrerpolicy=one|two|three

Since the referrer policy is sensitive to order (the latest policy understood by the browser is applied), and we can't preserve the order of rules when parsing them, we would have to introduce a gotcha such as "if multiple rules match the same request, only one of them is applied, unspecified which one".

@sfionov
Copy link
Member

sfionov commented Apr 17, 2023

@ngorskikh Support of multi-values is really redundant because syntax of Referrer-Policy header allows multiple values, separated by commas with optional spaces.

Multi-values are needed for matches to conveniently turning off some of them. In this case, this is too redundant, and also alters original header syntax.

@ngorskikh
Copy link
Member

ngorskikh commented Apr 17, 2023
edited
Loading

@sfionov
Then I propose that simply

||example.org^$referrerpolicy=one\,   two\,  three

should replace the policy with the unescaped value of the modifier, and exceptions should work like this:

! Disable the rule with the modifier value equal to `one\,   two\,  three`
@@||example.org^$referrerpolicy=one\,   two\,  three

! Disable all rules for matching requests
@@||example.org^$referrerpolicy

And, again, if multiple rules match the same request, only one of them (unspecified, which one) is applied.

@sfionov
Copy link
Member

sfionov commented Apr 17, 2023

Looks good for me

@ngorskikh ngorskikh mentioned this issue May 11, 2023
Open
@adguard-bot adguard-bot mentioned this issue Jul 27, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ngorskikh ngorskikh

Labels
Feature request Filtering Engine Medium Priority: P3 Resolution: Fixed Status: Closed Version: CoreLibs v1.12
Projects
None yet
Milestone
v1.7
Development

No branches or pull requests
4 participants
@sfionov @ameshkov @adguard-bot @ngorskikh