- From: Noam Rosenthal via GitHub <sysbot+gh@w3.org>
- Date: Fri, 29 Oct 2021 09:44:42 +0000
- To: public-css-archive@w3.org
> 1. Using the URL of the style sheet as referrer is correct. This leaks the least amount of data to style sheet subresources. We agreed upon this behavior quite a while ago and it's defined in https://w3c.github.io/webappsec-referrer-policy/#integration-with-css because CSS lacks Fetch integration. > > 1. The document is still the authority for the fetch, so `Sec-Fetch-Site` should be the same I think. > 2. I'm not sure what CORS has to do with the referrer. I meant that Safari seems to send neither `origin` or `refrerer` headers when fetching fonts. -- GitHub Notification of comment by noamr Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/6775#issuecomment-954603170 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 29 October 2021 09:44:44 UTC