- From: Brian Smith <brian@briansmith.org>
- Date: Wed, 3 Dec 2014 13:23:44 -0800
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>

Hi,

I've now written down my ideas on how to improve browsers' handling of the Referer header field:

https://briansmith.org/referrer-01.html

I admit the proposal is quite rough, but I think this proposal does a decent job of explaining how and why the draft referrer policy document can be improved, and how and why the CSP referrer directive should be changed (replaced). A comparison between this proposal and the current WebAppSec drafts is at the end of the proposal.

This proposal reflects feedback received from Twitter and Facebook from last year, and from other people in the Mozilla community, from when I was at Mozilla.

My intent in sharing this proposal here is to initiate discussion which will (hopefully) lead to the improvements to the Referrer Policy and CSP 2 drafts that the proposal suggests.

Feedback appreciated.

Cheers,
Brian

Received on Wednesday, 3 December 2014 21:24:10 UTC