Weird Behavior When Using Referrer-Policy

#1
I'm running into something very weird when adding the Referrer-Policy directive using OLS.

I am setting it to: Referrer-Policy: no-referrer, strict-origin-when-cross-origin

The CHROME browser complains about this with the following error:

Failed to set referrer policy: The value 'strict-origin-when-cross-origin, no-referrer, strict-origin-when-cross-origin;' is not one of 'no-referrer', 'no-referrer-when-downgrade', 'origin', 'origin-when-cross-origin', 'same-origin', 'strict-origin', 'strict-origin-when-cross-origin', or 'unsafe-url'. The referrer policy has been left unchanged.

Weirdly, Firefox does not complain.

When I use the same directive on an NGINX web server, the Chrome browser does not complain.

I am unsure how to debug this. It doesn't make sense that the same directive would elicit a different response in the browser depending on which web server renders the page.

I did look in the browser network tab to make sure that the directive was the same when rendering the page with both OLS and NGINX.

Any ideas would be appreciated.
 
#3
Hi @Cold-Egg,

Thanks for your reply.

What happens if you hit CTRL-F5 on the page to force a page refresh? I've noticed that it can sometimes seem to work on the initial page load. But forcibly reloading the page throws the error.

I'll load up a new site and post the link here later so you can see the behavior and inspect the chrome network tab if you're willing to run down the rabbit hole with me.
 
Top