W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2014

Re: Early morning thoughts on referrers.

From: Anne van Kesteren <annevk@annevk.nl>
Date: Mon, 10 Nov 2014 11:36:20 +0100
Message-ID: <CADnb78ij1Lsb0XPM7L7kX7aWbMwqKYsD45yjZKg-29w8L8xEag@mail.gmail.com>
To: Jochen Eisinger <eisinger@google.com>
Cc: Mike West <mkwst@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Devdatta Akhawe <dev.akhawe@gmail.com>, Brian Smith <brian@briansmith.org>
On Mon, Nov 10, 2014 at 11:32 AM, Jochen Eisinger <eisinger@google.com> wrote:
> I'm not sure that introducing additional complexity into the referrer policy
> spec is worthwhile. I see the referrer policy as working around some
> short-comings for websites moving to https, but I don't think that referrers
> in general are such a great feature that we should make it more compelling
> to use.

I don't necessarily disagree with that. But the last time this came up
the question was raised whether those sites are concerned about not
being exposed through navigation or not being exposed through either
navigation or subresources.

If it is only about navigation, it seems unfortunate to also leak the
URL through potentially unsafe subresources.


-- 
https://annevankesteren.nl/
Received on Monday, 10 November 2014 10:36:47 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:07 UTC