“Not like different browsers, Chrome resolves the Hyperlink header on subresource requests. However what’s the issue? The difficulty is that the Hyperlink header can set a referrer-policy. We are able to specify unsafe-url and seize the total question parameters,” he wrote.
Hyperlink headers are utilized by web sites to inform a browser about essential web page assets, for instance, photos, that it ought to preload. As a part of the HTTP response that occurs earlier than the browser encounters any HTML, this accelerates response occasions. When the browser goes looking for the useful resource, normally on a third-party server, it transmits a URL containing details about the requesting web site, as allowed by the referrer-policy.
Sadly, in Chrome this URL also can embrace info with a bearing on safety, similar to OAuth flows used for authentication.
