- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Mon, 10 Feb 2014 15:47:05 +0100
- To: Mike West <mkwst@google.com>
- Cc: David Bruant <bruant.d@gmail.com>, Adam Barth <w3c@adambarth.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Brian Smith <brian@briansmith.org>
On Mon, Feb 10, 2014 at 3:37 PM, Mike West <mkwst@google.com> wrote: > On Mon, Feb 10, 2014 at 3:05 PM, Anne van Kesteren <annevk@annevk.nl> wrote: >> "url-unless-downgrade" might make more sense given that description? > > "downgrade" sounds perfect. I'm not thrilled with 'unless', though. I'm not > sure it's any clearer to specify the "unless" case than the "when" case. "none-when-downgrade"? That it's full otherwise I guess you'll have to learn. Just as you have to learn something with the others. > I guess we could change "origin-when-cross-origin" to > "url-unless-cross-origin", but I'm not sure how to distinguish between the > "unless" behavior: "unless-downgrade" sends no referrer. > "unless-cross-origin" sends origin information. For that reason, I'd prefer > "none-when-downgrade" and "origin-when-cross-origin", as they specify the > important differences more clearly. > > All that said, I think I now agree with you that "default" might be better. > :) Hah, "default" works for me, though "none-when-downgrade" might be better as clearly the default might be changing over time. It's not really an area we've put much effort into so far. > I agree. The spec (and <meta referrer> before it) notes that user agents > should feel more than free to limit referrer information in whatever way > they feel appropriate, regardless of the defined referrer policy. Okay, I guess that's all good then. -- http://annevankesteren.nl/
Received on Monday, 10 February 2014 14:47:32 UTC