W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2014

CSP 1.1 referrer + meta >= <meta name="referrer"> ?

From: David Bruant <bruant.d@gmail.com>
Date: Thu, 30 Jan 2014 12:10:59 +0100
Message-ID: <52EA3343.6020808@gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
CC: Adam Barth <abarth@chromium.org>
[Not sure if this list or whatwg is most appropriate.
cc'ing Adam Barth in any case]

Hi,

It looks to me that combining CSP 1.1 referrer directive and HTML meta 
element, one gets at least to the same result than what was intended for 
<meta name="referrer">.
Should we forget about <meta name="referrer"> then?

The referrer directive currently has a note about conflicting policies. 
This note could be removed. Conflicts could only occur if there is 
conflicts between header and meta policy and the CSP spec is very clear 
on the fact that the header is more important.

David
Received on Thursday, 30 January 2014 11:11:29 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:04 UTC