- From: Mike West <mkwst@google.com>
- Date: Mon, 10 Feb 2014 13:40:00 +0100
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: David Bruant <bruant.d@gmail.com>, Adam Barth <w3c@adambarth.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
- Message-ID: <CAKXHy=eb446rSwpO5iojybfnxxrH0FCX6CupZOj8Fo6-DcKHwQ@mail.gmail.com>
On Mon, Feb 10, 2014 at 12:50 PM, Anne van Kesteren <annevk@annevk.nl>wrote: > On Mon, Feb 10, 2014 at 12:32 PM, Mike West <mkwst@google.com> wrote: > > Added this to the draft spec in > > > https://github.com/w3c/webappsec/commit/601923fddb26d128cc30fe8b0671deb3df3ad85a > > > > If folks hate the names, bikeshedding is welcome. I'm not firmly > attached to > > them. > > Are you going to migrate http://wiki.whatwg.org/wiki/Meta_referrer > towards these new names too? > I'm happy to make that suggestion, sure. Blink would likely have to alias both names for some period of time, but that's no worse than a variety of other places in which we do strange things based on history. > There is a small problem with "none-when-insecure". Given the > existence of https://gist.github.com/ and similar sites that put the > secret in the URL, it can be unsafe to send out Referer (at least when > there's more than just origin) even over TLS. So maybe we should keep > the name "default" for that. > Hrm. I can see that. "none-when-insecure" was meant to refer to the transport mechanism only, but I agree with you that it's potentially confusing. My only concern with "default" is that it might end up meaning different things to different browsers (see https://groups.google.com/d/msg/mozilla.dev.privacy/wmPzPCdzIU8/KGJ401Dj9lYJfor example). It would be nice to have a name that reflected explicit functionality as opposed to implicitly falling back on UA behavior. I don't have a good suggestion other than what I've already suggested. I'd appreciate suggestions from the group... -- Mike West <mkwst@google.com> Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91 Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Monday, 10 February 2014 12:40:52 UTC