26830 2014-09-17 05:35:14 +0000 Referrer for window.open() navigation should be based on entry script's responsible document, not entry script's responsible document 2014-09-24 22:21:27 +0000 1 1 1 Unclassified WHATWG HTML unspecified Other other RESOLVED FIXED https://www.w3.org/Bugs/Public/show_bug.cgi?id=24613 P3 normal Unsorted 24080 1 ian ian annevk ian mike mkwst contributor oldest_to_newest 111663 0 ian 2014-09-17 05:35:14 +0000 Based on this test: http://damowmow.com/playground/demos/settings-objects/001/a/a.html ...it looks like the referrer needs to be based on the entry script settings object's referrer source, not the source browsing context's document as the HTML spec says now. Anne, Mike: Should I still be defining this in the HTML spec, or is this something that should be defined in Fetch or in the Referrer Policy spec? 111664 1 ian 2014-09-17 05:39:37 +0000 Actually this might just be specific to window.open(). When I use location.assign(), it works as you'd expect (using the incumbent settings object's responsible document). http://damowmow.com/playground/demos/settings-objects/002/a/a.html So maybe the bug here is just that window.open() should use the entry settings object's responsible browsing context as the source browsing context. 111665 2 ian 2014-09-17 05:40:36 +0000 (...in Chrome. In Firefox, 002 actually uses the incumbent settings object's API base URL for the URL resolution too, which is different.) 111683 3 annevk 2014-09-17 10:47:22 +0000 Referrer Policy takes its cues from Fetch. Fetch takes its cues from the invoking party, which could set request's referrer to a URL. Fetch also takes a client, which request's referrer would default to. Currently that is a JavaScript global environment, but you proposed making that a setting objects of sorts, that would offer access to an event loop, global object (to type check, e.g. ServiceWorkerGlobalScope vs Window), origin, and referrer and such (bug 24080 comment 9). So the answer the question in comment 0: HTML needs to make sure it passes the correct data to Fetch. It's not clear to me how Fetch could make this decision. 111696 4 ian 2014-09-17 16:10:53 +0000 Ok. Sounds good. In that case, I need to make sure window.open() is correctly set up. (I filed bug 26836 on the settings objects stuff BTW.) 112142 5 contributor 2014-09-24 22:21:27 +0000 Checked in as WHATWG revision r8816. Check-in comment: Make window.open() match browsers better https://html5.org/tools/web-apps-tracker?from=8815&to=8816