preserve `referrer` & `referrerPolicy` metadata in asset requests by SkyZeroZx · Pull Request #69413 · angular/angular
Preserve referrer metadata when the service worker reconstructs asset requests for cache-busted and redirected asset fetches. For example, an attacker with access to asset host logs could receive a reset token embedded in a page URL if the reconstructed request falls back to default referrer behavior instead of carrying referrer: ''.
Preserve explicit referrer policy when the service worker reconstructs asset requests for cache-busted and redirected asset fetches. For example, an application can load a script or image with referrerPolicy: 'same-origin' or 'origin' to limit referrer data. Dropping that policy can expose more of the current URL to that resource host.
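The reconstruction problem described above, as an added JavaScript example that is not code from this pull request or from Angular. The helper names and the `cache-bust` query parameter are hypothetical, and the helpers only read properties, so a Fetch API `Request` or a constructed plain object can be passed in.

```javascript
// Added illustration (not Angular's code). Helper names and the
// 'cache-bust' parameter are hypothetical.

function cacheBustUrl(url, bustParam = 'cache-bust') {
  const u = new URL(url);
  u.searchParams.set(bustParam, String(Date.now()));
  return u.toString();
}

// "Before": only headers are carried over, so a Request built from this
// init falls back to the default referrer and referrer policy.
function rebuildLossy(req) {
  return { url: cacheBustUrl(req.url), init: { headers: req.headers } };
}

// "After": referrer metadata is copied explicitly.
function rebuildPreserving(req) {
  const init = { headers: req.headers };
  // Request.referrer reads back '' when no referrer is to be sent. That
  // value is falsy, so compare against undefined instead of truthiness.
  if (req.referrer !== undefined) init.referrer = req.referrer;
  // Request.referrerPolicy reads back '' when no explicit policy was set.
  if (req.referrerPolicy) init.referrerPolicy = req.referrerPolicy;
  return { url: cacheBustUrl(req.url), init };
}

// Regression check: names the referrer fields a rebuild failed to carry.
function droppedReferrerFields(original, rebuilt) {
  const lost = [];
  if (original.referrer !== undefined &&
      rebuilt.init.referrer !== original.referrer) lost.push('referrer');
  if (original.referrerPolicy &&
      rebuilt.init.referrerPolicy !== original.referrerPolicy) lost.push('referrerPolicy');
  return lost;
}

// Constructed sample requests (stand-ins for Request objects).
const noReferrerAsset = { url: 'https://assets.example/app.js', headers: {},
                          referrer: '', referrerPolicy: '' };
const policyAsset = { url: 'https://assets.example/logo.png?v=1', headers: {},
                      referrer: 'about:client', referrerPolicy: 'same-origin' };
```

In a service worker the returned parts would be passed to `new Request(url, init)`; the check can run in a unit test against any reconstruction helper that returns the same shape.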