The example at
http://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin
says something along these lines already. I can certainly make that more
explicit:
https://github.com/w3c/webappsec/commit/edec9ef968769fc1354c3ed6610bb0d7711a79f5
-mike
--
Mike West <mkwst@google.com>
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
On Mon, Aug 18, 2014 at 9:56 AM, Anne van Kesteren <annevk@annevk.nl> wrote:
> Jonas raised this over on the WHATWG list:
> http://lists.w3.org/Archives/Public/public-whatwg-archive/2014Aug/0107.html
>
> On http://wiki.whatwg.org/wiki/Meta_referrer "always" has an
> annotation that it will include a referrer even when going from HTTPS
> to HTTP. "origin" has no such annotation. Per the new Referrer Policy
> draft it seems Origin Only would need such an annotation. I guess the
> question is whether this change in policy is desired or whether they
> should be distinct settings.
>
>
> --
> http://annevankesteren.nl/
>
>