- From: sourcekick <sourcekick@gmail.com>
- Date: Sun, 28 Dec 2014 20:16:31 +0100
- To: public-webappsec@w3.org
Received on Tuesday, 30 December 2014 20:27:00 UTC
Hi, is it possible to combine certain choices of the referrer policy? If not, please consider making combinations possible or alternatively add more choices. That is, without making the whole space of possibilities too complicated. In particular I would be interested in the following combination: Origin When Cross-Origin AND No Referrer When Downgrade The intention here would be to not send a referrer at all over an insecure connection (http) while enforcing the rules of "Origin When Cross-Origin" regarding cases with secure connections (https). Note that http://w3c.github.io/webappsec/specs/referrer-policy/#determine-policy-for-token and http://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states and https://w3c.github.io/webappsec/specs/content-security-policy/#directive-referrer read like combinatios are not possible. -- sk
Received on Tuesday, 30 December 2014 20:27:00 UTC