W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2014

Re: referrer directive expressiveness

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 30 Jan 2014 15:04:38 -0800
Message-ID: <CADnb78gaL=VKc+Swd4Vsv0vY2zSsTBiy79i4oXEMcT+-_xOqvA@mail.gmail.com>
To: David Bruant <bruant.d@gmail.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Thu, Jan 30, 2014 at 2:45 PM, David Bruant <bruant.d@gmail.com> wrote:
> Should the two keywords be split (even if some combinations don't really
> make sense) or should a single value be added for Facebook current use case?

I feel like origin should mean what Facebook wants. Is there a use
case for only sending the origin to your own server?

never -> never include Referer
origin -> full Referer for same-origin fetches, origin Referer for
cross-origin fetches
full -> full Referer for all fetches

Received on Thursday, 30 January 2014 23:05:06 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:37 UTC