“Unlike other browsers, Chrome resolves the Link header on subresource requests. But what’s the problem? The problem is that the Link header can set a referrer-policy. We can specify unsafe-url and capture the full query parameters,” he wrote.
Link headers are used by websites to tell a browser about important page resources, for example images, that it should preload. Because the header is part of the HTTP response that arrives before the browser encounters any HTML, this speeds up response times. When the browser goes to fetch the resource, often from a third-party server, it transmits a URL containing information about the requesting site, as allowed by the referrer-policy.
Unfortunately, in Chrome this URL can also include information with a bearing on security, such as OAuth flows used for authentication.
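To make the exposure concrete, the following added example (not code from the researcher or from Chrome) audits a Link header value and computes the referrer a browser would send for each target under the policy the link sets. The hostnames, the sample URL and the function names are constructed for illustration, and the `referrerpolicy` parameter name follows the HTML specification's Link header processing.

```javascript
// Added example: audit a Link response header for referrer-policy leaks.
// Simplified parser: assumes no commas or semicolons inside quoted values.
function parseLinkHeader(value) {
  const links = [];
  for (const m of value.matchAll(/<([^>]*)>([^,]*)/g)) {
    const params = {};
    for (const p of m[2].split(";").slice(1)) {
      const [k, ...v] = p.split("=");
      params[k.trim().toLowerCase()] = v.join("=").trim().replace(/^"|"$/g, "");
    }
    links.push({ target: m[1], params });
  }
  return links;
}

// Referrer value for a request from pageUrl to targetUrl under a policy.
// "Downgrade" is approximated as https -> non-https.
function referrerFor(pageUrl, targetUrl, policy) {
  const page = new URL(pageUrl), target = new URL(targetUrl, pageUrl);
  page.hash = ""; page.username = ""; page.password = "";
  const full = page.href, originOnly = page.origin + "/";
  const same = page.origin === target.origin;
  const downgrade = page.protocol === "https:" && target.protocol !== "https:";
  switch (policy) {
    case "no-referrer": return null;
    case "unsafe-url": return full;
    case "origin": return originOnly;
    case "same-origin": return same ? full : null;
    case "strict-origin": return downgrade ? null : originOnly;
    case "origin-when-cross-origin": return same ? full : originOnly;
    case "no-referrer-when-downgrade": return downgrade ? null : full;
    default: // strict-origin-when-cross-origin, the browser default
      return same ? full : downgrade ? null : originOnly;
  }
}

// Flag links whose policy would send the page's query string cross-origin.
function auditLinkHeader(pageUrl, headerValue) {
  return parseLinkHeader(headerValue).map(({ target, params }) => {
    const policy = (params.referrerpolicy || "strict-origin-when-cross-origin").toLowerCase();
    const referrer = referrerFor(pageUrl, target, policy);
    const crossOrigin = new URL(target, pageUrl).origin !== new URL(pageUrl).origin;
    const leaksQuery = crossOrigin && referrer !== null && referrer.includes("?");
    return { target, policy, referrer, leaksQuery };
  });
}
```

Running `auditLinkHeader` over response headers captured at a proxy or in tests shows which preload links would carry a page's query string, such as an OAuth callback's parameters, to another origin.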