Welcome

This page illustrates an issue with the Chrome Memory Saver feature.

Manifestation

Chrome will under certain circumstances omit the referer header in the request of a cross-origin iframe. We have identified the following pre-conditions:

Chrome Memory Saver is enabled
The tab containing the iframe has been discarded
The page within the iframe has Cache-Control headers preventing it from being loaded from the browser cache (no-cache and no-store)
The page within the iframe has a response header setting the Referrer-Policy to same-origin

Moreover, we've only been able to reproduce this issue by placing a Next.js app in the iframe. A simpler reproduction using a Cloudflare Worker was unsuccessful.

Impact

We at GRID became aware of this issue when a customer contacted us. They have a calculator built with GRID embedded on their web page. GRID supports locking down which domains can embed a calculator by white-listing them. This mechanism relies on the presences of a referer header. Hence, the customer noticed that their embedded calculator disappeared when a discarded tab was reloaded.

Workaround

Changing the Referrer-Policy of the page in the iframe to strict-origin-when-cross-origin alleviates the issue.

Reproduction

Below is an iframe pointing to a Next.js page that simply echos back the request headers. Source code is here.

Steps to reproduce

Open a new tab
Type chrome://discards into the address field
Identify the tab containing this page and click Urgent Discard
Click on the tab containing this page, thus triggering a reload

Here's a video that demonstrates the procedure.