CSP 1.1 referrer + meta >= <meta name="referrer"> ?

[Not sure if this list or whatwg is most appropriate.
cc'ing Adam Barth in any case]


It looks to me that combining CSP 1.1 referrer directive and HTML meta 
element, one gets at least to the same result than what was intended for 
<meta name="referrer">.
Should we forget about <meta name="referrer"> then?

The referrer directive currently has a note about conflicting policies. 
This note could be removed. Conflicts could only occur if there is 
conflicts between header and meta policy and the CSP spec is very clear 
on the fact that the header is more important.


Received on Thursday, 30 January 2014 11:11:29 UTC