W3C home > Mailing lists > Public > public-webappsec@w3.org > June 2014

Re: Standardize referrer policy

From: John Kemp <john@jkemp.net>
Date: Wed, 11 Jun 2014 14:21:52 -0400
Message-ID: <53989E40.5090608@jkemp.net>
To: Jochen Eisinger <eisinger@google.com>, public-webappsec@w3.org
CC: Sid Stamm <sid@mozilla.com>, Adam Barth <abarth@google.com>, Mike West <mkwst@google.com>
Hello,

On 06/11/2014 01:55 PM, Jochen Eisinger wrote:
> Hey,
>
> I'd like to propose to create a more formal standard for referrer
> policies. Until now, there is just a wiki entry at whatwg
> (http://wiki.whatwg.org/wiki/Meta_referrer) and various other specs
> (CSP, fetch) refer to referrer policies, however, there is no formal
> standard.
>
> With a lot of help from Mike, we've put together a first draft here:
> https://w3c.github.io/webappsec/specs/referrer-policy/

Thanks - looks like a good start!

>
> Any comments are more than welcome!

How does this draft relate to the 'rel=noreferrer' attribute on <a/> 
tags? I see you refer to the "Javascript Global Environment" and one can 
imagine that this environment *might* impact how the rel=noreferrer is 
processed in the same way you describe via inheritance from the "global" 
environment, but it might be helpful to spell that out (and mention it 
in the introduction too).

This issue is mentioned in http://wiki.whatwg.org/wiki/Meta_referrer, 
which appears to be a good (historical at least) related work for what 
you are doing here (and you might want to list it in the references 
since it appears to have some of the same content as this draft).

Regards,

- johnk

>
> best
> -jochen
Received on Wednesday, 11 June 2014 18:22:52 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:05 UTC