- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Mon, 10 Feb 2014 12:50:55 +0100
- To: Mike West <mkwst@google.com>
- Cc: David Bruant <bruant.d@gmail.com>, Adam Barth <w3c@adambarth.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Mon, Feb 10, 2014 at 12:32 PM, Mike West <mkwst@google.com> wrote: > Added this to the draft spec in > https://github.com/w3c/webappsec/commit/601923fddb26d128cc30fe8b0671deb3df3ad85a > > If folks hate the names, bikeshedding is welcome. I'm not firmly attached to > them. Are you going to migrate http://wiki.whatwg.org/wiki/Meta_referrer towards these new names too? There is a small problem with "none-when-insecure". Given the existence of https://gist.github.com/ and similar sites that put the secret in the URL, it can be unsafe to send out Referer (at least when there's more than just origin) even over TLS. So maybe we should keep the name "default" for that. -- http://annevankesteren.nl/
Received on Monday, 10 February 2014 11:51:24 UTC