On Wed, Jun 11, 2014 at 11:21 AM, John Kemp <john@jkemp.net> wrote:
> Hello,
>
>
> On 06/11/2014 01:55 PM, Jochen Eisinger wrote:
>
>> Hey,
>>
>> I'd like to propose to create a more formal standard for referrer
>> policies. Until now, there is just a wiki entry at whatwg
>> (http://wiki.whatwg.org/wiki/Meta_referrer) and various other specs
>> (CSP, fetch) refer to referrer policies, however, there is no formal
>> standard.
>>
>> With a lot of help from Mike, we've put together a first draft here:
>> https://w3c.github.io/webappsec/specs/referrer-policy/
>>
>
> Thanks - looks like a good start!
>
>
>
>> Any comments are more than welcome!
>>
>
> How does this draft relate to the 'rel=noreferrer' attribute on <a/> tags?
> I see you refer to the "Javascript Global Environment" and one can imagine
> that this environment *might* impact how the rel=noreferrer is processed in
> the same way you describe via inheritance from the "global" environment,
> but it might be helpful to spell that out (and mention it in the
> introduction too).
>
that's covered in step 6 of the "Set request's Referer header" algorithm,
no?
>
> This issue is mentioned in http://wiki.whatwg.org/wiki/Meta_referrer,
> which appears to be a good (historical at least) related work for what you
> are doing here (and you might want to list it in the references since it
> appears to have some of the same content as this draft).
>
It's linked to in paragraph 7
best
-jochen
>
> Regards,
>
> - johnk
>
>
>> best
>> -jochen
>>
>