- From: arturjanc <notifications@github.com>
- Date: Tue, 17 Apr 2018 15:15:31 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 17 April 2018 22:15:54 UTC
This is interesting -- I had expected the case mentioned by @TanviHacks might already leak in all browsers via `window.location.ancestorOrigins`, but it looks like this is true only for Chrome and Safari. From what I see this is due to a conscious decision in Firefox based on @bzbarsky's feedback on https://bugzilla.mozilla.org/show_bug.cgi?id=1085214#c23 and https://github.com/whatwg/html/issues/1918.

I agree that this would be a concern if a UA wants to prevent a frame from being able to find out the origin of its embedder when the embedder sets `Referrer-Policy: no-referrer`.

--
View it on GitHub: https://github.com/whatwg/fetch/issues/687#issuecomment-382172709