Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#30238] - [4.0] Update default behavior for the referrer policy

? ? ? Pending

User tests: Successful: Unsuccessful:

avatar zero-24
zero-24
30 Jul 2020

Summary of Changes

Update default behavior for the referrer policy from no-referrer-when-downgrade to strict-origin-when-cross-origin.

The details can be checked here: https://web.dev/referrer-best-practices/ with Chrome 85 this is going to be the default in the browsers too.

Testing Instructions

check the default option for the referrer policy
apply this patch
check the default option for the referrer policy has been updated to strict-origin-when-cross-origin

Actual result BEFORE applying this Pull Request

Default is no-referrer-when-downgrade

Expected result AFTER applying this Pull Request

Default is strict-origin-when-cross-origin

Documentation Changes Required

https://docs.joomla.org/J4.x:Http_Header_Management

avatar zero-24 zero-24 - open - 30 Jul 2020
avatar zero-24 zero-24 - change - 30 Jul 2020
Status New Pending
avatar joomla-cms-bot joomla-cms-bot - change - 30 Jul 2020
Category Front End Plugins
avatar toivo toivo - test_item - 31 Jul 2020 - Tested successfully
avatar toivo
toivo - comment - 31 Jul 2020

I have tested this item successfully on 172be57

Tested successfully in Beta4-dev of 31 July.

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/30238.

avatar SharkyKZ
SharkyKZ - comment - 31 Jul 2020

Change this in plugin code too.

avatar zero-24 zero-24 - change - 1 Aug 2020
Labels Added: ? ?
avatar zero-24
zero-24 - comment - 1 Aug 2020

Fixed thanks @SharkyKZ

avatar toivo toivo - test_item - 2 Aug 2020 - Tested successfully
avatar toivo
toivo - comment - 2 Aug 2020

I have tested this item successfully on 725e9d0

Tested successfully in Beta4-dev of 2 August in Wampserver 3.2.2 using PHP 7.4.8.

Both the default referrer policy in the plugin and referrer-policy in the response header worked as described.

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/30238.

avatar Quy Quy - test_item - 2 Aug 2020 - Tested successfully
avatar Quy
Quy - comment - 2 Aug 2020

I have tested this item successfully on 725e9d0

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/30238.

avatar Quy Quy - change - 2 Aug 2020
Status Pending Ready to Commit
avatar Quy
Quy - comment - 2 Aug 2020

RTC

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/30238.

avatar jmeintrup jmeintrup - test_item - 3 Aug 2020 - Tested successfully
avatar jmeintrup
jmeintrup - comment - 3 Aug 2020

I have tested this item successfully on 725e9d0

### BEFORE

  • System -> Plugins -> System - HTTP Headers has the referrer policy set to no-referrer-when-downgrade
  • Using Firefox 79.0 (64-Bit) -> Dev Tools -> Network Analysis the referrer policy is set to no-referrer-when-downgrade

AFTER

  • System -> Plugins -> System - HTTP Headers has the referrer policy set to strict-origin-when-cross-origin
  • Using Firefox 79.0 (64-Bit) -> Dev Tools -> Network Analysis the referrer policy is set to strict-origin-when-cross-origin
    This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/30238.
avatar johndeutesfeld johndeutesfeld - test_item - 3 Aug 2020 - Tested successfully
avatar johndeutesfeld
johndeutesfeld - comment - 3 Aug 2020

I have tested this item successfully on 725e9d0

Tested with Chrome on Win64.
Both the default referrer policy in the plugin and referrer-policy in the response header worked as described.

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/30238.

avatar jmeintrup jmeintrup - test_item - 4 Aug 2020 - Tested successfully
avatar roland-d roland-d - close - 4 Aug 2020
avatar roland-d roland-d - merge - 4 Aug 2020
avatar roland-d roland-d - change - 4 Aug 2020
Status Ready to Commit Fixed in Code Base
Closed_Date 0000-00-00 00:00:00 2020-08-04 11:26:24
Closed_By roland-d
Labels Added: ?

Add a Comment

Login with GitHub to post a comment