referer / referrer during reloads & history entry repopulations

[jakearchibald]

History entry repopulations: When you traverse to a history entry that doesn't have a document, so it needs refetching.

I've been testing using https://redirect-session-history.glitch.me, and it seems like, when reloading a page or traversing back to a page, browsers will send the same referer that was originally used for the first fetch of the page.

That includes cases like:

1. Page //origin-1/a
2. Navigate to page //origin-1/b (so referrer is //origin-1/a)
3. Reload, which redirects to //origin-1/c

//origin-1/c will have a referrer of //origin-1/a.

One minor browser difference:

1. Page //origin-1/a
2. Navigate to page //origin-1/b (so referrer is //origin-1/a)
3. Reload, which redirects to //totally-different-origin/foo, which redirects back to //origin-1/c

In this case Chrome and Firefox simplify the referrer to //origin-1/ (with the full origin of course), whereas Safari uses the full referrer //origin-1/a.

My plan is to spec the Chrome & Firefox behaviour by storing the referrer along with the "document state". The document state is the state needed to recreate a document, and is shared between multiple session history entries (entries that will share a document).

[jakearchibald]

Btw, let me know if this stuff is spec'd and I just can't find it. I followed the spec for reload() and it seems like the referrer just ends up as "client", meaning the referrer would be itself, which isn't what browsers do.

[domenic]

I wonder how referrer policy plays into this... usually its drawn from the fetch client. So imagine something like

1. //origin-1/a with referrer policy "unsafe-url"
2. //origin-1/b
3. //origin-1/c with referrer policy "no-referrer"

When navigating from 1 -> 2 the referrer would be //origin-1/a, the full URL. Then we navigate to 3. What if we click the back button then (with no bfcache)? Should the referrer be missing, based on 3's referrer policy? Or should it be //origin-1/a, the original referrer? If the latter, how do we thread that through specs?

[domenic]

If the latter, how do we thread that through specs?

I guess we could just set the referrer explicitly and then set the referrer policy to the empty string. Not so bad.

[jakearchibald]

Yeah, right now I'm allowing the referrer to be a URL or "no-referrer", which are used by fetch.

[jakearchibald]

Referrer policy is stored in the history entry too. Test:

1. Page //origin-1/a.
2. Navigate to page //origin-1/b using a link with referrerpolicy="same-origin" (so referrer is //origin-1/a).
3. Reload, which redirects to //totally-different-origin/foo.

Firefox and Chrome will omit Referer. Safari will send the full referrer //origin-1/a.

I'm going continue speccing the Chrome & Firefox behaviour.

[annevk]

See also w3c/webappsec-fetch-metadata#71.

[domenic]

It turns out Chromium and WebKit distinguish between user-triggered reloads and other reloads. Test case:

• Go to https://example.com/
• Click the "more information" link taking you to https://www.iana.org/domains/reserved
• Open your console and type document.referrer. You get https://example.com/
• Press the reload button on your browser
• Open your console and type document.referrer. You get https://example.com/
• In the same console, type location.reload().
• Open your console and type document.referrer. You get:
  • https://example.com/ in Firefox
  • https://www.iana.org/domains/reserved in Chromium, due to this code
  • https://www.iana.org/domains/reserved in WebKit

[domenic]

@domfarolino is working on some tests for this in web-platform-tests/wpt#36352 . However it's for the repopulation case, not the reload case.