Re: scrub-referrer directive?

On 5/27/11 11:22 p, Michal Zalewski wrote:
> Sites that care (Facebook, GMail, etc) typically use the latter
> technique, but every now and then, they miss a spot. Having a simple
> opt-in mechanism that works for all content inclusion modes, and can
> be applied site-wide, is a clear win for them, probably.

I'd be up for adding a directive to CSP in the future, but not for the
current working draft (really want to avoid seeing spec creep before a
first version is ready).

I know the rel=noreferrer in webkit[0] seems promising, but yeah, if you
miss one you're hosed.  What if we put it or something similar in the
<body> tag?



Received on Saturday, 28 May 2011 16:08:05 UTC