W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2014

Re: Early morning thoughts on referrers.

From: Jochen Eisinger <eisinger@google.com>
Date: Mon, 10 Nov 2014 10:32:19 +0000
Message-ID: <CALjhuidKO6ERKySFOAgOxiTxtexYF31tbVMZDuwGN1tQEsQAQQ@mail.gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>, Mike West <mkwst@google.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, Devdatta Akhawe <dev.akhawe@gmail.com>, Brian Smith <brian@briansmith.org>
I'm not sure that introducing additional complexity into the referrer
policy spec is worthwhile. I see the referrer policy as working around some
short-comings for websites moving to https, but I don't think that
referrers in general are such a great feature that we should make it more
compelling to use.

best
-jochen

On Mon Nov 10 2014 at 10:01:36 AM Anne van Kesteren <annevk@annevk.nl>
wrote:

> On Mon, Nov 10, 2014 at 6:10 AM, Mike West <mkwst@google.com> wrote:
> > As a strawman, let's break requests into two buckets: same-public-suffix
> > and cross-public-suffix,
>
> Why do we need to bring public suffix into this? That seems like a bad
> idea.
>
> I agree with Brian that we want to differentiate subresources from
> "navigation" (client fetches?). Service workers also need that
> distinction, perhaps we should come up with some kind of definition
> based on request contexts. (For that we also need to resolve that
> dedicated worker question I posed a while back.)
>
>
> --
> https://annevankesteren.nl/
>
Received on Monday, 10 November 2014 10:32:47 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:07 UTC