mdn/content

Add information to Referrer-Policy docs about how it can affect the Origin header

Open

#36,543 opened on Oct 28, 2024

View on GitHub
 (0 comments) (0 reactions) (0 assignees)Markdown (22,427 forks)batch import
Content:HTTPhelp wanted

Repository metrics

Stars
 (8,900 stars)
PR merge metrics
 (Avg merge 7d 3h) (147 merged PRs in 30d)

Description

MDN URL

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy

What specific section or headline is this issue about?

No response

What information was incorrect, unhelpful, or incomplete?

When reading through this page, I don't see any references to how the Referrer-Policy settings may affect the origin header. It sounds as though it only affects the referer header, but it can also affect the origin header.

What did you expect to see?

In the description for the origin header, it mentions that origin may be set to null depending on the value of referr-policy.

The Origin header value may be null in a number of cases, including (non-exhaustively):

  • ...
  • Referrer-Policy set to no-referrer for non-cors request modes (e.g. simple form posts).

When choosing a referrer-policy, I wasn't aware of this side-effect. It would be really helpful to mention this clearly on this page as well, or at least link back to the Origin docs.

Do you have any supporting links, references, or citations?

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin#description

Do you have anything more you want to share?

I'd be happy to start a PR but it may take a bit of time to make sure it's accurate. I would need to understand more clearly in which cases the origin header is affected and how. I would guess it's not just for no-referrer but also for some cross origin requests or e.g. no-referrer-when-downgrade. Also I'd imagine this can vary by browser.

Contributor guide