W3C home > Mailing lists > Public > public-web-security@w3.org > May 2011

Re: scrub-referrer directive?

From: Adam Barth <w3c@adambarth.com>
Date: Thu, 26 May 2011 22:03:59 -0700
Message-ID: <BANLkTimUK73q_rcFb0r4nRCUUy9SF57njA@mail.gmail.com>
To: Devdatta Akhawe <dev.akhawe@gmail.com>
Cc: public-web-security@w3.org
On Thu, May 26, 2011 at 7:09 PM, Devdatta Akhawe <dev.akhawe@gmail.com> wrote:
>> 1) Remove header entirely.
>> 2) Strip down the Referer to just the origin.
>
> 2. seems to be the Origin header. Is there a particular use case for
> adding this ?

Mostly integration with existing servers that look at the Referer
header.  Another possibility is to just strip the query (and fragment,
of course).

Adam


>> https://bugs.webkit.org/show_bug.cgi?id=61576
>>
>> Should we add a "scrub-referrer" directive to CSP?
>>
>> Adam
>>
>>
>
Received on Friday, 27 May 2011 05:04:57 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 May 2011 05:04:57 GMT