Re: referrer policy questions from Boris Zbarsky on 2014-10-20 (public-webappsec@w3.org from October 2014)

From: Boris Zbarsky <bzbarsky@mit.edu>
Date: Mon, 20 Oct 2014 14:11:35 -0400
To: public-webappsec@w3.org
Message-ID: <54455057.4030900@mit.edu>

On 10/20/14, 2:03 PM, Mike West wrote:
> https://github.com/w3c/webappsec/commit/0a263697170b88524c0be685a54f16711a6a0e14

This uses the phrase "case-insensitive match" without defining what you 
mean.  That's not a great idea, since it can mean a number of different 
things in different contexts.

I suggest using 
https://html.spec.whatwg.org/multipage/infrastructure.html#ascii-case-insensitive 
here.

> Thanks, Sid! These are good suggestions (and I think they match what
> Blink/WebKit implemented).

It's worth adding testcases to verify that, esp. for the case 
insensitive bit.  For example, add tests that would match according to 
<https://html.spec.whatwg.org/multipage/infrastructure.html#compatibility-caseless> 
but not according to 
<https://html.spec.whatwg.org/multipage/infrastructure.html#ascii-case-insensitive>.

-Boris

Received on Monday, 20 October 2014 18:12:07 UTC