hixie: Require Referer: to be omitted for data: URLs and sandboxed iframes. (whatwg r4727) from poot on 2010-02-14 (public-html-diffs@w3.org from February 2010)

From: poot <cvsmail@w3.org>
Date: Sun, 14 Feb 2010 18:48:14 +0900 (JST)
To: public-html-diffs@w3.org
Message-Id: <20100214094815.37BF22BC1A@toro.w3.mag.keio.ac.jp>

hixie: Require Referer: to be omitted for data: URLs and sandboxed
iframes. (whatwg r4727)

http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.3774&r2=1.3775&f=h
http://html5.org/tools/web-apps-tracker?from=4726&to=4727

===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.3774
retrieving revision 1.3775
diff -u -d -r1.3774 -r1.3775
--- Overview.html 14 Feb 2010 09:44:39 -0000 1.3774
+++ Overview.html 14 Feb 2010 09:48:04 -0000 1.3775
@@ -4520,6 +4520,11 @@
     Request-URIs are obtained</i>.</p> <!-- RFC2616 says "The URI MUST
     NOT include a fragment." (section 14.36) -->
 
+    <p>If the <a href="#origin">origin</a> of the appropriate
+    <code>Document</code> is not a scheme/host/port tuple, then the
+    <code title="http-referer">Referer</code> (sic) header must be
+    omitted, regardless of its value.</p>
+
    </li>
 
    <li><p>Perform the remaining steps asynchronously.</li>

Received on Sunday, 14 February 2010 09:48:43 UTC