- From: David Bruant <bruant.d@gmail.com>
- Date: Thu, 30 Jan 2014 12:10:59 +0100
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
- CC: Adam Barth <abarth@chromium.org>
[Not sure if this list or whatwg is most appropriate. cc'ing Adam Barth in any case] Hi, It looks to me that combining CSP 1.1 referrer directive and HTML meta element, one gets at least to the same result than what was intended for <meta name="referrer">. Should we forget about <meta name="referrer"> then? The referrer directive currently has a note about conflicting policies. This note could be removed. Conflicts could only occur if there is conflicts between header and meta policy and the CSP spec is very clear on the fact that the header is more important. David
Received on Thursday, 30 January 2014 11:11:29 UTC