Re: Referrer Policy: Same-origin URIs

> I agree. But, aren't analytics and ad conversion trackers usually
> third-party services, such that they wouldn't be covered by your
> proposal, which is restricted to same-origin?

Unfortunately no. Analytics often run as scripts in the origin of the
page. Google Analytics is one famous example. Yes, this is bad; this
is why we should have sub-origins and SRI :)

To be clear, I am proposing that the "value of the referer" can be a
URI that is same-origin. Where the referer then flows depends on the
target URI of the request---it can be cross-origin or same-origin.

> That syntax is more than you need, and more error-prone than you need.

You are right. I should have been more clearer. As you point out, I am
only asking for:

> (equivalent to 'origin')


Received on Sunday, 9 November 2014 02:38:36 UTC