Chrome 85 Breaks Referer #24373
-
Before Chrome 85, when clicking external links on GitHub the browser would send the It appears that
Replies: 8 comments
-
Hi there, @jamesward's suggestion would fix the problem, but full GitHub URLs would always be leaked in all outgoing cross-origin requests across all of GitHub, which hinders users' privacy. Browsers are generally switching to A few ideas/solutions: Solution 1 Pros:
Cons:
(A variation of this would be to update the Markdown to support specifying the Solution 2 Pros:
Cons:
Side note for GitHub: regardless of the solution, applying an explicit privacy-preserving policy of maudnals, cos_theta, rowan_m on Twitter
-
(referrerpolicy on Safari iOS - Not tested though!)
-
Thanks for the response and investigation! It doesn’t look like the sample is working. Shouldn’t the
-
Looks to me like the
-
Apologies, it’s now in the [EDIT: adding a comment by editing this answer, since I’m not allowed to post over 3 - this comment comes after @ahmetb's comment below]: Summing up a few ideas/solutions that GitHub would need to act on:
Note: any of these would be preferable privacy-wise to setting a global behavior site-wide with a header, as they would limit cross-origin leaks to a smaller surface of GH. About the privacy bit:
maudnals, cos_theta, rowan_m on Twitter
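The trade-off raised in this thread (a per-link `referrerpolicy` opt-in versus a site-wide header), as an added example that is not any participant's code or GitHub's: it computes the `Referer` each destination would receive under Chrome 85's `strict-origin-when-cross-origin` default. The function names, the sample URLs and the choice of `no-referrer-when-downgrade` as the opt-in value are assumptions made for illustration.

```javascript
// Added example: all URLs and link data are constructed sample values.
// Referer value a browser sends, following the W3C Referrer Policy rules.
function computeReferrer(policy, fromUrl, toUrl) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  from.username = ""; from.password = ""; from.hash = ""; // strip credentials and fragment
  const full = from.href;
  const originOnly = from.origin + "/";
  const sameOrigin = from.origin === to.origin;
  // Simplification (assumption): a downgrade is an HTTPS page requesting a non-HTTPS URL.
  const downgrade = from.protocol === "https:" && to.protocol !== "https:";
  switch (policy) {
    case "no-referrer": return null;
    case "unsafe-url": return full;
    case "origin": return originOnly;
    case "same-origin": return sameOrigin ? full : null;
    case "strict-origin": return downgrade ? null : originOnly;
    case "no-referrer-when-downgrade": return downgrade ? null : full;
    case "origin-when-cross-origin": return sameOrigin ? full : originOnly;
    case "strict-origin-when-cross-origin":
      return sameOrigin ? full : (downgrade ? null : originOnly);
    default: throw new Error("unknown referrer policy: " + policy);
  }
}

// A link's referrerpolicy attribute overrides the document policy (header or
// meta tag), which in turn overrides the browser default.
function auditLinks(pageUrl, links, documentPolicy, browserDefault) {
  const pageOrigin = new URL(pageUrl).origin;
  return links.map(({ href, referrerpolicy }) => {
    const policy = referrerpolicy || documentPolicy || browserDefault;
    const sent = computeReferrer(policy, pageUrl, href);
    const crossOrigin = new URL(href).origin !== pageOrigin;
    // A cross-origin request carrying more than the bare origin exposes the page path.
    const leaksPath = crossOrigin && sent !== null && sent !== pageOrigin + "/";
    return { href, policy, sent, leaksPath };
  });
}

const PAGE = "https://github.com/example-org/example-repo/tree/main#readme";
const LINKS = [
  { href: "https://deploy.example/new", referrerpolicy: "no-referrer-when-downgrade" },
  { href: "https://blog.example/post" },
  { href: "https://github.com/example-org/example-repo/issues" },
];
const CHROME_85_DEFAULT = "strict-origin-when-cross-origin";

// Per-link opt-in: only the deploy button's destination receives the full URL.
const perLink = auditLinks(PAGE, LINKS, null, CHROME_85_DEFAULT);
// Site-wide header: every cross-origin destination receives the full URL.
const siteWide = auditLinks(PAGE, LINKS.map(({ href }) => ({ href })),
  "no-referrer-when-downgrade", CHROME_85_DEFAULT);
console.log(perLink, siteWide);
```

With the per-link opt-in one destination sees the repository path; with the site-wide header both cross-origin destinations do.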
-
At this point, just Google’s button already exists on some triple-digit repos. Those will be broken forever unless we go submit PRs for them manually. Not to mention Azure Websites, Heroku, etc. have been around longer, so we’re likely looking at thousands of broken repos here. Feasible solution requested from GitHub here would look like:
I’m inclined to think there aren’t privacy issues with this as far as GitHub users are concerned. The repos in question are public repos and don’t contain PII.
-
It appears that this has been fixed. 👏