Re: [csswg-drafts] [css-fonts] Clarify: use of referrers in font fetching and relationship with preloads (#6775) from Noam Rosenthal via GitHub on 2021-10-29 (public-css-archive@w3.org from October 2021)

From: Noam Rosenthal via GitHub <sysbot+gh@w3.org>
Date: Fri, 29 Oct 2021 09:44:42 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-954603170-1635500681-sysbot+gh@w3.org>

> 1. Using the URL of the style sheet as referrer is correct. This leaks the least amount of data to style sheet subresources. We agreed upon this behavior quite a while ago and it's defined in https://w3c.github.io/webappsec-referrer-policy/#integration-with-css because CSS lacks Fetch integration.
>    
>    1. The document is still the authority for the fetch, so `Sec-Fetch-Site` should be the same I think.
> 2. I'm not sure what CORS has to do with the referrer.

 I meant that Safari seems to send neither `origin` or `refrerer` headers when fetching fonts.

-- 
GitHub Notification of comment by noamr
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/6775#issuecomment-954603170 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 29 October 2021 09:44:44 UTC