I am creating class(es) in PHP to validate whether referrers received in the headers adhere to the Referrer-Policy set for the document.
I have tried to create a table which will tell me when a referrer is sent and what to expect in it. However, I could not find relevant information for the following cases:
- origin-when-cross-origin - what to expect for same origin requests when the protocol improves
- strict-origin - what to expect for same origin requests when the protocol improves
The below table shows the current status of where I am.
| referrer-policy | so & ps | so & pi | so & pd | co & ps | co & pi | co & pd |
|---|---|---|---|---|---|---|
| no-referrer | none | none | none | none | none | none |
| no-referrer-when-downgrade | comUrl | comUrl | none | comUrl | comUrl | none |
| origin | origin | origin | origin | origin | origin | origin |
| origin-when-cross-origin | comUrl | ?? | origin | origin | origin | origin |
| same-origin | comUrl | comUrl | comUrl | none | none | none |
| strict-origin | origin | ?? | none | origin | origin | none |
| strict-origin-when-cross-origin | comUrl | comUrl | none | origin | origin | none |
| unsafe-url | comUrl | comUrl | comUrl | comUrl | comUrl | comUrl |
Please read the table as per the following legend:
- so -> same origin
- co -> cross origin
- ps -> protocol same (http -> http, https -> https)
- pi -> protocol improves (http -> https)
- pd -> protocol downgrades (https -> http or https -> file, and I assume http -> file too)
- Origin -> scheme, hostname, and port
- comUrl -> origin, path, and querystring (basically skips user, pass and fragment, i.e. anything after #)
So what is the expected response in the two cases? Also, am I correct in assuming a protocol downgrade when an http page makes a request to file?
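
An added example, not part of the original question: a PHP sketch of the referrer computation in the W3C Referrer Policy specification, which compares origins as scheme, host and port, so an http -> https request to the same host is treated as cross-origin. The function names and sample URLs are hypothetical, and as a simplifying assumption only `https` and `wss` count as "potentially trustworthy" (the specification also covers cases such as localhost).

```php
<?php
// Origin = scheme + host + non-default port (userinfo, path, query, fragment dropped).
function originOf(string $url): string {
    $p = parse_url($url);
    $scheme = strtolower($p['scheme']);
    $origin = $scheme . '://' . strtolower($p['host']);
    $default = ['http' => 80, 'https' => 443][$scheme] ?? null;
    if (isset($p['port']) && $p['port'] !== $default) {
        $origin .= ':' . $p['port'];
    }
    return $origin;
}

// Full referrer: origin + path + query, never userinfo or fragment.
function stripUrl(string $url): string {
    $p = parse_url($url);
    return originOf($url) . ($p['path'] ?? '/') . (isset($p['query']) ? '?' . $p['query'] : '');
}

// Assumption: simplified trust check, scheme only.
function isTrustworthy(string $url): bool {
    return in_array(strtolower(parse_url($url, PHP_URL_SCHEME)), ['https', 'wss'], true);
}

// Returns the expected Referer value, or null when none should be sent.
function expectedReferer(string $policy, string $from, string $to): ?string {
    $sameOrigin = originOf($from) === originOf($to);
    $downgrade  = isTrustworthy($from) && !isTrustworthy($to);
    $origin     = originOf($from) . '/';
    $full       = stripUrl($from);
    switch ($policy) {
        case 'no-referrer':                return null;
        case 'origin':                     return $origin;
        case 'unsafe-url':                 return $full;
        case 'same-origin':                return $sameOrigin ? $full : null;
        case 'origin-when-cross-origin':   return $sameOrigin ? $full : $origin;
        case 'strict-origin':              return $downgrade ? null : $origin;
        case 'no-referrer-when-downgrade': return $downgrade ? null : $full;
        case 'strict-origin-when-cross-origin':
            return $sameOrigin ? $full : ($downgrade ? null : $origin);
        default: throw new InvalidArgumentException("Unknown policy: $policy");
    }
}

// Constructed sample: same host, protocol improves (http -> https).
$from = 'http://user:pw@example.com/a/b?x=1#frag';
foreach (['origin-when-cross-origin', 'strict-origin'] as $policy) {
    $ref = expectedReferer($policy, $from, 'https://example.com/c');
    printf("%-26s %s\n", $policy, $ref ?? '(none)');
}
```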