[REFERRER][CSP] Improving the Web Platform's Referrer Policy

From: Brian Smith <brian@briansmith.org>
Date: Wed, 3 Dec 2014 13:23:44 -0800
Message-ID: <CAFewVt4=SimgPouXoB=_wDpvziegqFSryvFYLNxkJ4Lr4vw4HA@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>

I've now written down my ideas on how to improve browsers' handling of
the Referer header field:


I admit the proposal is quite rough, but I think this proposal does a
decent job of explaining how and why the draft referrer policy
document can be improved, and how and why the CSP referrer directive
should be changed (replaced). A comparison between this proposal and
the current WebAppSec drafts is at the end of the proposal. This
proposal reflects feedback received from Twitter and Facebook from
last year, and from other people in the Mozilla community, from when I
was at Mozilla.

My intent in sharing this proposal here is to initiate discussion
which will (hopefully) lead to the improvements to the Referrer Policy
and CSP 2 drafts that the proposal suggests.

Feedback appreciated.

Received on Wednesday, 3 December 2014 21:24:10 UTC
