- From: Mike West <notifications@github.com>
- Date: Thu, 06 Jun 2019 00:08:45 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 6 June 2019 07:09:07 UTC
> Looks good to me. 4k seems overly generous, but if we know it's safe and everyone can agree on it then it works.

Well, we don't _know_ that it's safe (1 in 10,000 requests isn't nothing!), but it seems like it ought to be safe. And affecting 1 out of 10,000 requests is certainly saf_er_ than affecting 1 out of 1,000. :) We can always ratchet things down further in the future if this isn't tight enough. But as a sanity check, this seems like a reasonable place to start.

> Do you know anything else about the referrers other than length?

Nope. We're only collecting a simple histogram.

> I wonder if a lot of the long ones are data: URLs.

We shouldn't be sending `data:` in a `Referer` header. See step 2 of https://w3c.github.io/webappsec-referrer-policy/#strip-url.

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/903#issuecomment-499376369