W3C home > Mailing lists > Public > public-webappsec@w3.org > June 2014

Re: Standardize referrer policy

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 12 Jun 2014 11:51:21 +0200
Message-ID: <CADnb78iL-qsLGwJLN9D__dj9jA8EOts9DmrMOCP=nZPe5_bsxA@mail.gmail.com>
To: Jochen Eisinger <eisinger@google.com>, Ian Hickson <ian@hixie.ch>
Cc: WebAppSec WG <public-webappsec@w3.org>, Sid Stamm <sid@mozilla.com>, Adam Barth <abarth@google.com>, Mike West <mkwst@google.com>
On Wed, Jun 11, 2014 at 7:55 PM, Jochen Eisinger <eisinger@google.com> wrote:
> With a lot of help from Mike, we've put together a first draft here:
> https://w3c.github.io/webappsec/specs/referrer-policy/

I think what would be best for Fetch integration is me handing you a
request and you returning a URL or <i title>none</i>. I tentatively
called this hook "determine referrer". That way Fetch can decide when
it wants to expose this information as a header. And that way this is
also a side-effect free invocation which seems preferable.

See http://fetch.spec.whatwg.org/#concept-fetch for the tentative
hook. Search for [REFERRER].


As for the specifics of what Referrer Policy should do I copied Ian as
HTML currently has a rather evolved set of steps:
http://www.whatwg.org/specs/web-apps/current-work/multipage/fetching-resources.html#fetch
We should take those over somehow or Ian needs to do some handling
before invoking the Fetch Standard. I don't really have a real
preference there.


-- 
http://annevankesteren.nl/
Received on Thursday, 12 June 2014 09:51:49 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:05 UTC