Re: Referrer: change from <meta> with respect to origin from Mike West on 2014-08-18 (public-webappsec@w3.org from August 2014)

From: Mike West <mkwst@google.com>
Date: Mon, 18 Aug 2014 10:21:49 +0200
To: Anne van Kesteren <annevk@annevk.nl>
Cc: WebAppSec WG <public-webappsec@w3.org>, Jonas Sicking <jonas@sicking.cc>, Brian Smith <brian@briansmith.org>
Message-ID: <CAKXHy=eN=-8vKkDQOfGk+gB8uP3jFgJ3bdMsJ5B-9YbdG6Z5+A@mail.gmail.com>

The example at
http://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin
says something along these lines already. I can certainly make that more
explicit:
https://github.com/w3c/webappsec/commit/edec9ef968769fc1354c3ed6610bb0d7711a79f5

-mike

--
Mike West <mkwst@google.com>
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

On Mon, Aug 18, 2014 at 9:56 AM, Anne van Kesteren <annevk@annevk.nl> wrote:

> Jonas raised this over on the WHATWG list:
> http://lists.w3.org/Archives/Public/public-whatwg-archive/2014Aug/0107.html
>
> On http://wiki.whatwg.org/wiki/Meta_referrer "always" has an
> annotation that it will include a referrer even when going from HTTPS
> to HTTP. "origin" has no such annotation. Per the new Referrer Policy
> draft it seems Origin Only would need such an annotation. I guess the
> question is whether this change in policy is desired or whether they
> should be distinct settings.
>
>
> --
> http://annevankesteren.nl/
>
>

Received on Monday, 18 August 2014 08:22:37 UTC