Re: referrer directive expressiveness

On Mon, Feb 10, 2014 at 12:32 PM, Mike West <mkwst@google.com> wrote:
> Added this to the draft spec in
> https://github.com/w3c/webappsec/commit/601923fddb26d128cc30fe8b0671deb3df3ad85a
>
> If folks hate the names, bikeshedding is welcome. I'm not firmly attached to
> them.

Are you going to migrate http://wiki.whatwg.org/wiki/Meta_referrer
towards these new names too?

There is a small problem with "none-when-insecure". Given the
existence of https://gist.github.com/ and similar sites that put the
secret in the URL, it can be unsafe to send out Referer (at least when
there's more than just origin) even over TLS. So maybe we should keep
the name "default" for that.


-- 
http://annevankesteren.nl/

Received on Monday, 10 February 2014 11:51:24 UTC