Re: Sending Referer [#144]

Adam Barth wrote:
> On Mon, Jun 1, 2009 at 11:40 AM, Adam Barth <w3c@adambarth.com> wrote:
>> With regards to the 'null' value, we should try to pick a value that's
>> friendly to regular expressions (i.e., avoids . / [ and similar
>> characters) because many web application firewalls (who would use this
>> value) express their rules in terms of regular expressions.
> 
> One possible value we could use is
> 
> about:blank
> 
> There is an I-D kicking around somewhere that defines the about
> scheme.  The author might be amenable to allowing about:blank to be
> used here (e.g., as a "placeholder" URI when no other URI is
> appropriate).
> 
> Another possibility is to use something like
> 
> about:noreferrer
> 
> and define about:noreferrer to return a resource that describes what
> the value means in the Referer header (e.g., the relevant requirements
> from HTTPbis).

That will be tricky to use, as it would be a downref to a Proposed 
Standard (*). HTTPbis will be (at least) one step ahead on the standards 
ladder).

BR, Julian

(*) Optimistically.

Received on Monday, 1 June 2009 19:15:27 UTC