W3C home > Mailing lists > Public > public-webappsec@w3.org > August 2014

Re: Referrer vs CSP

From: Mike West <mkwst@google.com>
Date: Mon, 18 Aug 2014 09:18:48 +0200
Message-ID: <CAKXHy=dCVzaZrvKVNEBuR4VoEdn_oiYfOM5jGAHQaRpYpFwzxg@mail.gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: WebAppSec WG <public-webappsec@w3.org>
Given that referrer policy is a FPWD, I wasn't sure whether it was stable
enough to refer to in CSP. I agree that that's the right thing to do,
however:
https://github.com/w3c/webappsec/commit/d5483ae3cb199798cdd44d5c85c2482e7f992501

If we decide that such delegation is premature, we can always revert that
patch.

-mike

--
Mike West <mkwst@google.com>
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)


On Sat, Aug 16, 2014 at 8:16 AM, Anne van Kesteren <annevk@annevk.nl> wrote:

> It seems that Referrer Policy needs to define the CSP bits itself if
> it wants to replace that part of the CSP specification, no? Or at
> least CSP needs to acknowledge that it only controls the syntax and
> point back somehow.
>
>
> --
> http://annevankesteren.nl/
>
>
Received on Monday, 18 August 2014 07:19:37 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:06 UTC