Closed oyiptong closed 2 years ago
See https://bugs.chromium.org/p/chromium/issues/detail?id=1126091 for a downstream bug asking for this capability. (@oyiptong filed this on their behalf.)
Surely there is no issue with this if it is a same-origin redirect? The origin could in theory read the data before the redirect so there doesn't seem to be any privacy or security implication to supporting this providing it stays on the same origin. That would solve our issue (crbug.com/1126091).
I think we should at least allow same-origin redirect, as no information would leak outside the origin (which is how much of the web's permission model isolates things), as mentioned by AshleyScirra.
Similarly, we almost definitely should not allow cross-origin redirect, as this may allow information to leave the origin.
I think this Q should go to @alancutter who is speccing launchQueue
as part of link capturing.
Preserving launch event for same origin HTTP redirects SGTM.
redirects and reloads preserve the launch queue now.
Right now, a redirect clears the launch queue.
Should a 307 redirect, which is a temporary redirect, not clear the launch queue?