- From: Noam Rosenthal via GitHub <sysbot+gh@w3.org>
- Date: Fri, 29 Oct 2021 08:01:28 +0000
- To: public-css-archive@w3.org
> 1. Using the URL of the style sheet as referrer is correct. This leaks the least amount of data to style sheet subresources. We agreed upon this behavior quite a while ago and it's defined in https://w3c.github.io/webappsec-referrer-policy/#integration-with-css because CSS lacks Fetch integration. > > 1. The document is still the authority for the fetch, so `Sec-Fetch-Site` should be the same I think. > > 2. I'm not sure what CORS has to do with the referrer. > > 3. The Chromium changeset in https://github.com/w3c/csswg-drafts/issues/6775#issuecomment-953808517 appears to be about inline style sheets grabbing the document base URL rather than the document URL per the description. I didn't look at the code change. Can you clarify how it's related? > > > > I think this argues for not taking referrer into account for caches and that's it. > > > > @domfarolino this might interest you. Thanks, this provides the missing context. I will amend the CSS fetch draft accordingly and will add a note about caching in my preload PR. -- GitHub Notification of comment by noamr Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/6775#issuecomment-954517516 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 29 October 2021 08:01:30 UTC