- From: Adam Barth <w3c@adambarth.com>
- Date: Thu, 26 Jan 2012 01:48:18 -0800
On Thu, Jan 26, 2012 at 1:46 AM, David Bruant <bruant.d at gmail.com> wrote: > Le 26/01/2012 10:35, Boris Zbarsky a ?crit : >> On 1/26/12 9:12 AM, Adam Barth wrote: >>>> >>>> Should the speculative parser have knowledge of<meta name=referrer>? >>> >>> That's not what's currently specified. ?Like many other browser >>> features, this feature lets web sites detect that the browser is >>> speculatively prefetching resources. ?If that's a big issue, it's >>> something we can try to address. >> >> It seems like a bigger problem is that if speculative prefetches don't >> know about this <meta> then they will leak the referrer, which is something >> the site did NOT want to happen. > > A radically different approach that websites could take to express not > wanting the referrer to be sent on requests for a given page would be > sending a specific HTTP header in the response. This way, the user agent > would know what the intention is before having to read any <meta> header and > could do the prefetches without sending the referrer. Indeed. I plan to propose this as a directive for CSP 1.1. Adam
Received on Thursday, 26 January 2012 01:48:18 UTC