W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2019

FYI: Pending PRs allowing tightening the default referrer policy

From: David Van Cleve <davidvc@chromium.org>
Date: Tue, 15 Oct 2019 15:11:30 -0400
Message-ID: <CAMeJureNB-jQfms7Ys02WN=gDMvhT8wTtN6Gy+1_ExQo_u4hDQ@mail.gmail.com>
To: public-webappsec@w3c.org
FYI, my colleague Mike West has submitted some PRs to the Fetch
<https://github.com/whatwg/fetch/pull/952> and Referrer Policy
<https://github.com/w3c/webappsec-referrer-policy/pull/125> specs to give
browsers more latitude to set their own, more secure, default referrer
policies.

This is concurrent with our pending change to move Chrome's default
referrer policy to strict-origin-to-cross-origin (please find the I2I on
blink-dev) and follows some other recent prior discussion
<https://github.com/w3c/webappsec-referrer-policy/issues/121> about
changing the specs' treatment of referrer policy defaults.

Cheers,

David Van Cleve
Google
Received on Wednesday, 16 October 2019 02:01:29 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 16 October 2019 02:01:30 UTC