- From: Bil Corry <bil@corry.biz>
- Date: Sat, 28 May 2011 08:34:22 -0700
- To: Michal Zalewski <lcamtuf@coredump.cx>
- CC: Daniel Veditz <dveditz@mozilla.com>, Adam Barth <w3c@adambarth.com>, public-web-security@w3.org, Brandon Sterne <bsterne@mozilla.com>, Sid Stamm <sstamm@mozilla.com>
Michal Zalewski wrote on 5/27/2011 11:22 PM: > Sites that care (Facebook, GMail, etc) typically use the latter > technique, but every now and then, they miss a spot. Having a simple > opt-in mechanism that works for all content inclusion modes, and can > be applied site-wide, is a clear win for them, probably. I agree and I do think it would be helpful for those sites. For more granular control, it would be helpful to have mechanism within HTML5 to define "privacy-sensitive context" (per link? per page?) and use it to omit referrer and origin, as described in Adam's "The Web Origin Concept" draft[1]. I believe HTML5 currently has hard-coded rules for when a request is privacy-sensitive, which is a similar approach to how referrer is selectively omitted, and like referrer, the lack of granular control doesn't provide the ideal security control for all sites. Related, I saw that omitting the referrer entirely is part of mnot's "HTTP Browser Hints" draft[2], but I believe that would only affect requests being sent to the site providing the hint, which doesn't help with cross-domain requests. - Bil [1] http://tools.ietf.org/html/draft-abarth-origin-09#section-6.3 [2] http://tools.ietf.org/html/draft-nottingham-http-browser-hints-00#section-5.5
Received on Saturday, 28 May 2011 15:58:56 UTC