W3C home > Mailing lists > Public > whatwg@whatwg.org > January 2012

[whatwg] Feedback on Meta referrer

From: Adam Barth <w3c@adambarth.com>
Date: Thu, 26 Jan 2012 01:48:18 -0800
Message-ID: <CAJE5ia8ZBx-cLPGW3yHy3=cPq0WW=YxX+8KH9xNkNn91tTwneQ@mail.gmail.com>
On Thu, Jan 26, 2012 at 1:46 AM, David Bruant <bruant.d at gmail.com> wrote:
> Le 26/01/2012 10:35, Boris Zbarsky a ?crit :
>> On 1/26/12 9:12 AM, Adam Barth wrote:
>>>>
>>>> Should the speculative parser have knowledge of<meta name=referrer>?
>>>
>>> That's not what's currently specified. ?Like many other browser
>>> features, this feature lets web sites detect that the browser is
>>> speculatively prefetching resources. ?If that's a big issue, it's
>>> something we can try to address.
>>
>> It seems like a bigger problem is that if speculative prefetches don't
>> know about this <meta> then they will leak the referrer, which is something
>> the site did NOT want to happen.
>
> A radically different approach that websites could take to express not
> wanting the referrer to be sent on requests for a given page would be
> sending a specific HTTP header in the response. This way, the user agent
> would know what the intention is before having to read any <meta> header and
> could do the prefetches without sending the referrer.

Indeed.  I plan to propose this as a directive for CSP 1.1.

Adam
Received on Thursday, 26 January 2012 01:48:18 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:09:10 UTC