W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2013

Re: 'referrer' directive strawman.

From: Anne van Kesteren <annevk@annevk.nl>
Date: Tue, 22 Oct 2013 11:15:43 +0100
Message-ID: <CADnb78h8ewMTEUmFQB1dEMp_ga=bMzUKFsPQ9unnYf9EbgU9Jw@mail.gmail.com>
To: Mike West <mkwst@google.com>, Alex Russell <slightlyoff@google.com>, Yehuda Katz <wycats@gmail.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Mon, Oct 21, 2013 at 6:21 PM, Mike West <mkwst@google.com> wrote:
> I put in a strawman draft of a 'referrer' directive to control a document's
> referrer policy, borrowing liberally from
> http://wiki.whatwg.org/wiki/Meta_referrer. Talking to some folks today, I
> realized that I never sent this out for comment. Apologies!
>
> I'd love feedback on
> https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#referrer
>
> Specifically, two things:
>
> 1. I'm sure the fetch integration is done poorly. Anne, help? :)

Well, see http://lists.w3.org/Archives/Public/public-webappsec/2013Sep/0083.html
and http://lists.w3.org/Archives/Public/public-webappsec/2013Sep/0084.html

Still waiting for a reply from Alex, but this also seems to argue for
having tight integration rather than having CSP being a distinct
layer.


-- 
http://annevankesteren.nl/
Received on Tuesday, 22 October 2013 10:16:10 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:03 UTC