W3C home > Mailing lists > Public > public-webappsec@w3.org > June 2014

Re: Standardize referrer policy

From: Jochen Eisinger <eisinger@google.com>
Date: Wed, 11 Jun 2014 11:31:46 -0700
Message-ID: <CALjhuidyf1Cr=XKZyuchTMhJxpa9ygXTVBvrVn6YJnttxjWUKw@mail.gmail.com>
To: John Kemp <john@jkemp.net>
Cc: public-webappsec@w3.org, Sid Stamm <sid@mozilla.com>, Adam Barth <abarth@google.com>, Mike West <mkwst@google.com>
On Wed, Jun 11, 2014 at 11:21 AM, John Kemp <john@jkemp.net> wrote:

> Hello,
>
>
> On 06/11/2014 01:55 PM, Jochen Eisinger wrote:
>
>> Hey,
>>
>> I'd like to propose to create a more formal standard for referrer
>> policies. Until now, there is just a wiki entry at whatwg
>> (http://wiki.whatwg.org/wiki/Meta_referrer) and various other specs
>> (CSP, fetch) refer to referrer policies, however, there is no formal
>> standard.
>>
>> With a lot of help from Mike, we've put together a first draft here:
>> https://w3c.github.io/webappsec/specs/referrer-policy/
>>
>
> Thanks - looks like a good start!
>
>
>
>> Any comments are more than welcome!
>>
>
> How does this draft relate to the 'rel=noreferrer' attribute on <a/> tags?
> I see you refer to the "Javascript Global Environment" and one can imagine
> that this environment *might* impact how the rel=noreferrer is processed in
> the same way you describe via inheritance from the "global" environment,
> but it might be helpful to spell that out (and mention it in the
> introduction too).
>

that's covered in step 6 of the "Set request's Referer header" algorithm,
no?

>
> This issue is mentioned in http://wiki.whatwg.org/wiki/Meta_referrer,
> which appears to be a good (historical at least) related work for what you
> are doing here (and you might want to list it in the references since it
> appears to have some of the same content as this draft).
>

It's linked to in paragraph 7

best
-jochen



>
> Regards,
>
> - johnk
>
>
>> best
>> -jochen
>>
>
Received on Wednesday, 11 June 2014 18:32:35 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:05 UTC