- From: Daniel Veditz <dveditz@mozilla.com>
- Date: Wed, 29 Jun 2016 10:01:05 -0700
- To: Ryan Townsend <ryan@ryantownsend.co.uk>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Received on Wednesday, 29 June 2016 17:01:35 UTC
We've discussed this and combined tags was rejected in favor of a simpler system that (currently) doesn't cover all possible states but does make it impossible to create conflicting combinations. The Mozilla team in particular felt the lack of options to prevent leakage over insecure channels and have proposed 3 new states: https://github.com/w3c/webappsec-referrer-policy/pull/19 https://github.com/w3c/webappsec-referrer-policy/issues/50 -Dan Veditz
Received on Wednesday, 29 June 2016 17:01:35 UTC