On Wed, Jun 11, 2014 at 11:21 AM, John Kemp <john@jkemp.net> wrote: > Hello, > > > On 06/11/2014 01:55 PM, Jochen Eisinger wrote: > >> Hey, >> >> I'd like to propose to create a more formal standard for referrer >> policies. Until now, there is just a wiki entry at whatwg >> (http://wiki.whatwg.org/wiki/Meta_referrer) and various other specs >> (CSP, fetch) refer to referrer policies, however, there is no formal >> standard. >> >> With a lot of help from Mike, we've put together a first draft here: >> https://w3c.github.io/webappsec/specs/referrer-policy/ >> > > Thanks - looks like a good start! > > > >> Any comments are more than welcome! >> > > How does this draft relate to the 'rel=noreferrer' attribute on <a/> tags? > I see you refer to the "Javascript Global Environment" and one can imagine > that this environment *might* impact how the rel=noreferrer is processed in > the same way you describe via inheritance from the "global" environment, > but it might be helpful to spell that out (and mention it in the > introduction too). > that's covered in step 6 of the "Set request's Referer header" algorithm, no? > > This issue is mentioned in http://wiki.whatwg.org/wiki/Meta_referrer, > which appears to be a good (historical at least) related work for what you > are doing here (and you might want to list it in the references since it > appears to have some of the same content as this draft). > It's linked to in paragraph 7 best -jochen > > Regards, > > - johnk > > >> best >> -jochen >> >
Received on Wednesday, 11 June 2014 18:32:35 UTC