
[REFERRER] Combination of referrer directive values

From: sourcekick <sourcekick@gmail.com>
Date: Sun, 28 Dec 2014 20:16:31 +0100
Message-ID: <CAO7ggMyciD3dybsiAVYKgAnRtpnkk53NuYLuW+pZJwexHF0yag@mail.gmail.com>
To: public-webappsec@w3.org
Hi,

is it possible to combine certain choices of the referrer policy?

If not, please consider making combinations possible or alternatively add
more choices. That is, without making the whole space of possibilities too
complicated.


In particular I would be interested in the following combination:
Origin When Cross-Origin AND No Referrer When Downgrade
The intention here would be to not send a referrer at all over an insecure
connection (http) while enforcing the rules of "Origin When Cross-Origin"
regarding cases with secure connections (https).


Note that
http://w3c.github.io/webappsec/specs/referrer-policy/#determine-policy-for-token
and
http://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states
and
https://w3c.github.io/webappsec/specs/content-security-policy/#directive-referrer
read like combinations are not possible.

-- sk
Received on Tuesday, 30 December 2014 20:27:00 UTC
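
Added example (not part of the original message or of the Referrer Policy draft): a JavaScript sketch comparing what an https page would send under the two existing states and under the combination requested above. The `COMBINED` label, the function names, the simplified downgrade test and all URLs are assumptions made for illustration.

```javascript
// Added illustration. Policy names are the states named in the mail; COMBINED
// is a hypothetical label for the requested combination. All URLs are constructed.
const NRWD = 'No Referrer When Downgrade';
const OWCO = 'Origin When Cross-Origin';
const COMBINED = 'OWCO + NRWD (hypothetical)';

// Full referrer URL with credentials and fragment removed.
function stripUrl(url) {
  const copy = new URL(url.href);
  copy.username = '';
  copy.password = '';
  copy.hash = '';
  return copy.href;
}

// Simplification (assumption): "downgrade" = https page requesting a non-https URL.
function isDowngrade(src, dst) {
  return src.protocol === 'https:' && dst.protocol !== 'https:';
}

// Returns the Referer value to send, or null when none is sent.
function computeReferrer(policy, source, destination) {
  const src = new URL(source);
  const dst = new URL(destination);
  const sameOrigin = src.origin === dst.origin;
  const originOnly = src.origin + '/';
  switch (policy) {
    case NRWD:
      return isDowngrade(src, dst) ? null : stripUrl(src);
    case OWCO:
      return sameOrigin ? stripUrl(src) : originOnly;
    case COMBINED:
      if (isDowngrade(src, dst)) return null;
      return sameOrigin ? stripUrl(src) : originOnly;
    default:
      throw new Error('unknown policy: ' + policy);
  }
}

// Constructed sample: one https page, three kinds of destination.
const PAGE = 'https://shop.example/account/orders?id=42#top';
const DESTINATIONS = ['https://shop.example/help', 'https://cdn.example/lib.js',
  'http://ads.example/pixel.gif'];
for (const dst of DESTINATIONS) {
  for (const policy of [NRWD, OWCO, COMBINED]) {
    console.log(dst, '|', policy, '->', computeReferrer(policy, PAGE, dst));
  }
}
```

Taken alone, each existing state exposes something the other hides: "No Referrer When Downgrade" hands the full URL to a cross-origin https destination, and "Origin When Cross-Origin" still sends the origin to an http destination.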
