W3C home > Mailing lists > Public > public-webappsec@w3.org > December 2014

[REFERRER] Combination of referrer directive values

From: sourcekick <sourcekick@gmail.com>
Date: Sun, 28 Dec 2014 20:16:31 +0100
Message-ID: <CAO7ggMyciD3dybsiAVYKgAnRtpnkk53NuYLuW+pZJwexHF0yag@mail.gmail.com>
To: public-webappsec@w3.org

is it possible to combine certain choices of the referrer policy?

If not, please consider making combinations possible or alternatively add
more choices. That is, without making the whole space of possibilities too

In particular I would be interested in the following combination:
Origin When Cross-Origin AND No Referrer When Downgrade
The intention here would be to not send a referrer at all over an insecure
connection (http) while enforcing the rules of "Origin When Cross-Origin"
regarding cases with secure connections (https).

Note that
read like combinatios are not possible.

-- sk
Received on Tuesday, 30 December 2014 20:27:00 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:44 UTC