- From: Adam Barth <w3c@adambarth.com>
- Date: Thu, 26 May 2011 22:03:59 -0700
- To: Devdatta Akhawe <dev.akhawe@gmail.com>
- Cc: public-web-security@w3.org
On Thu, May 26, 2011 at 7:09 PM, Devdatta Akhawe <dev.akhawe@gmail.com> wrote: >> 1) Remove header entirely. >> 2) Strip down the Referer to just the origin. > > 2. seems to be the Origin header. Is there a particular use case for > adding this ? Mostly integration with existing servers that look at the Referer header. Another possibility is to just strip the query (and fragment, of course). Adam >> https://bugs.webkit.org/show_bug.cgi?id=61576 >> >> Should we add a "scrub-referrer" directive to CSP? >> >> Adam >> >> >
Received on Friday, 27 May 2011 05:04:57 UTC