W3C home > Mailing lists > Public > public-webappsec@w3.org > July 2014

Re: [REFERRER] Where does "Determine request¢s Referrer" get its URL from?

From: Ian Hickson <ian@hixie.ch>
Date: Fri, 25 Jul 2014 17:49:30 +0000 (UTC)
To: Mike West <mkwst@google.com>
cc: Jochen Eisinger <eisinger@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Anne van Kesteren <annevk@annevk.nl>
Message-ID: <alpine.DEB.2.00.1407251709100.8748@ps20323.dreamhostps.com>
On Fri, 25 Jul 2014, Mike West wrote:
> On Thu, Jul 24, 2014 at 9:26 PM, Ian Hickson <ian@hixie.ch> wrote:
> > Other than [the fundamental objection to JS environment], this seems 
> > much closer. One remaining nit is that the API referrer source isn't 
> > always a Document, sometimes it's a URL.
> Hrm. When does this happen?


> https://github.com/w3c/webappsec/commit/68317e6c6df9e81a1f4570bc8bf984660abd4bf0 
> hopefully addresses it.

Yeah, looks good, modulo the whole "using a JS environment in the first 
place" thing. :-)

I'll let Anne weigh in on that issue.

> > We don't need JS global environments to do this. (What about non-JS 
> > workers in the future?)
> Is there a proposal for such a thing?

There's always proposals for putting languages other than JS on the Web. 
While so far there's not been much cross-vendor support for any one 
solution, it seems like a safe bet to assume that eventually something 
like that will come along that gets adopted widely.

Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Friday, 25 July 2014 17:49:54 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:39 UTC