Re: Early morning thoughts on referrers. from Jochen Eisinger on 2014-11-10 (public-webappsec@w3.org from November 2014)

From: Jochen Eisinger <eisinger@google.com>
Date: Mon, 10 Nov 2014 10:32:19 +0000
To: Anne van Kesteren <annevk@annevk.nl>, Mike West <mkwst@google.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, Devdatta Akhawe <dev.akhawe@gmail.com>, Brian Smith <brian@briansmith.org>
Message-ID: <CALjhuidKO6ERKySFOAgOxiTxtexYF31tbVMZDuwGN1tQEsQAQQ@mail.gmail.com>

I'm not sure that introducing additional complexity into the referrer
policy spec is worthwhile. I see the referrer policy as working around some
short-comings for websites moving to https, but I don't think that
referrers in general are such a great feature that we should make it more
compelling to use.

best
-jochen

On Mon Nov 10 2014 at 10:01:36 AM Anne van Kesteren <annevk@annevk.nl>
wrote:

> On Mon, Nov 10, 2014 at 6:10 AM, Mike West <mkwst@google.com> wrote:
> > As a strawman, let's break requests into two buckets: same-public-suffix
> > and cross-public-suffix,
>
> Why do we need to bring public suffix into this? That seems like a bad
> idea.
>
> I agree with Brian that we want to differentiate subresources from
> "navigation" (client fetches?). Service workers also need that
> distinction, perhaps we should come up with some kind of definition
> based on request contexts. (For that we also need to resolve that
> dedicated worker question I posed a while back.)
>
>
> --
> https://annevankesteren.nl/
>

Received on Monday, 10 November 2014 10:32:47 UTC