- From: Mike West <notifications@github.com>
- Date: Thu, 17 Oct 2019 21:50:55 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 18 October 2019 04:50:57 UTC
The spec hand-waves in that direction today, noting "Nothing in this specification should be interpreted as preventing user agents from offering options to users which would change the information sent out via a `Referer` header. For instance, user agents MAY allow users to suppress the referrer header entirely, regardless of the active referrer policy on a page." I'm happy to extend that with some language either around the "default referrer policy" definition, or as a "Modify |referrerURL| to whatever you like in the interests of minimizing data leakage." step in-between the existing steps 5 and 6 of https://w3c.github.io/webappsec-referrer-policy/#determine-requests-referrer. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/952#issuecomment-543502498
Received on Friday, 18 October 2019 04:50:57 UTC