canmove, Confirmed users
1,537
edits
Privacy/Features/Shortened HTTP Referer header: Difference between revisions
Privacy/Features/Shortened HTTP Referer header (view source)
Revision as of 16:51, 27 May 2011
, 27 May 2011no edit summary
(Created page with "[http://www.facebook.com/notes/facebook-engineering/protecting-privacy-with-referrers/392382738919]") |
No edit summary |
||
| Line 1: | Line 1: | ||
[http://www.facebook.com/notes/facebook-engineering/protecting-privacy-with-referrers/392382738919] | Once you have created your Feature page, please remove this paragraph and link to your page from the [[Features/Inbox|Features Inbox]], where a team will triage it and move it into the appropriate [[Features|Feature list]]. If you have any questions, please contact [[User:Dria|Deb]]. | ||
{| class="fullwidth-table" | |||
|- | |||
| style="font-weight: bold; background: #DDD;" | Feature | |||
| style="font-weight: bold; background: #DDD;" | Status | |||
| style="font-weight: bold; background: #DDD;" | ETA | |||
| style="font-weight: bold; background: #DDD;" | Owner | |||
|- | |||
<section begin="status" /> | |||
| [[Privacy/Features/Shortened HTTP Referer header|Shortened HTTP Referer header]] | |||
| {{StatusHealthy|status=Exploratory}} | |||
| ? | |||
| [[User:Sidstamm|Sid Stamm]] | |||
<section end="status" /> | |||
|- | |||
|} | |||
== Summary == | |||
There is the desire to remove the Referer header outright, possibly in favor of the Origin header or something with less information. It can leak sensitive data accidentally and can be abused as a form of ambient authority. Unfortunately, we can't just stop sending it on requests because too many things on the web might break. | |||
This feature adds a way to attenuate the information that's sent as the referrer. This is multiple phases: | |||
''Phase 1:'' User global control. In the first phase, we should create a pref so users can select at most how much of the URL is sent as referrer. They will be able to chose a full referrer value, a referrer that is {scheme, host, port, path}, {scheme, host, port}, or just host. | |||
''Phase 2:'' Site-based control. In the second phase, we enable sites to reduce the amount of data transmitted in referrers generated on their site. This is done by the site sending a signal with the HTTP response indicating that outgoing referrers should be reduced. Stripping options should include the same options mentioned in phase 1. One mechanism could be to support [http://www.webkit.org/blog/907/webkit-nightlies-support-html5-noreferrer-link-relation/ the rel="noreferrer" attribute] to omit referers from link clicks. | |||
== Team == | |||
Who's working on this? | |||
* '''Feature Manager''': ''whoever is responsible for doing the day-to-day work of driving the feature to completion and updating the status on this page'' | |||
* '''Lead Developer''': | |||
* '''Product Manager''': | |||
* '''QA''': | |||
* '''UX''': | |||
* '''Accessibility''': | |||
* '''Security''': [[User:Curtisk|Curtis Koenig]] | |||
* '''Privacy''': [[User:Sidstamm|Sid Stamm]] | |||
Team list should make it clear who to ask about what, and who to ping when they're needed. If you do not need someone in a particular role (ie: Security), that's fine, just delete that line. Contact info for each person would also be handy. | |||
== Release Requirements == | |||
Complete checklist of items that need to be satisfied before we can call this feature "done". | |||
* Test plan must be created and implemented | |||
* Use cases must be clearly outlined and it must be clear how the feature addresses each. | |||
* Initially, Phase 1 (user-set) should not change default behavior until user initiates change. | |||
* Default referer behavior for sites should not change until sites activate attenuation features. | |||
== Next Steps & Open Issues == | |||
Open issues include unanswered questions, things that need to be explored, decisions that still need to be made, etc. Again, including the name of who's responsible for each item can be useful. | |||
* {{new|(Product Manager) Socialize pref idea via mailing list, brown bag, or some public discussion.}} | |||
* {{new|(Feature Team) Nail down user-initiated shortening requirements}} | |||
* {{new|(Feature Team) Nail down server-initiated shortening requirements}} | |||
* {{new|(Engineer?) Make test plan}} | |||
* {{new|(Engineer) Write patch for phase 1 and land}} | |||
* {{new|(Engineer) Write patch for phase 2 and land}} | |||
== Related Bugs & Dependencies == | |||
Links to the feature tracking bug & other relevant bugs; links to related plans (test plan, product marketing plan, etc.); notes about things that depend on this, etc. | |||
* [http://www.facebook.com/notes/facebook-engineering/protecting-privacy-with-referrers/392382738919 Facebook write-up on "HTTP-Referer" woes] | |||
* [http://www.webkit.org/blog/907/webkit-nightlies-support-html5-noreferrer-link-relation/ the rel="noreferrer" attribute] | |||
* {{bug|587523}}: strip referrer in a future anonymous mode | |||
== Risks == | |||
* Site breakage (tolerable? need to quantify this) | |||
* User confusion (make it hidden pref?) | |||
== Use Cases == | |||
; Leaking search terms : From {{bug|587523#c0}}: "An example of this can be seen by searching for 'no knead bread' with Google, and clicking on the 4th search result, which takes you to www.breadtopia.com/basic-no-knead-method/, a page which "helpfully" lets you know that it is aware of the search terms that brought you to the site." | |||
; Outbound link anonymization : Many sites like gmail send outbound links through a common redirect to strip off any information that may be present in the URL. Supporting rel="noreferrer" reduces the need for extra HTTP traffic and redirects. | |||
== Designs == | |||
Any and all mockups, design specs, tech specs, etc. Either inline or linked to. | |||
== Test Plans == | |||
Any and all test plans and strategies. Either inline or linked to. | |||
== Goals == | |||
The high level goals for the feature (which the release requirements checklist should fulfill). These are the guiding light and overall vision for the feature. Refer to this if there is confusion or are disputes about direction, designs, planning, etc. | |||
== Non-Goals == | |||
* We are not removing the HTTP referer header | |||
* We are not replacing the HTTP referer header | |||
* This is not the Origin header | |||
== Legend (remove if you like) == | |||
{| class="fullwidth-table" | |||
|- | |||
| {{StatusHealthy|status= }} | |||
| Healthy: feature is progressing as expected. | |||
|- | |||
| {{StatusBlocked|status= }} | |||
| Blocked: feature is currently blocked. | |||
|- | |||
| {{StatusAtRisk|status= }} | |||
| At Risk: feature is at risk of missing its targeted release. | |||
|- | |||
| '''ETA''' | |||
| Estimated date for completion of the current feature task. Overall ETA for the feature is the product release date. | |||
|} | |||
__NOTOC__ | |||
Please remove this line and any non-relevant categories below. Add whatever other categories you feel are appropriate. | |||
[[Category:Features]] | |||
[[Category:Platform]] | |||
[[Category:Privacy]] | |||