W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2014

Re: [referrer] HTTPS->HTTP

From: Anne van Kesteren <annevk@annevk.nl>
Date: Fri, 24 Oct 2014 08:41:13 +0200
Message-ID: <CADnb78hQ-QafugRAVrWw6F90pNNy2fTewa8oxLqCd3CNFV64dQ@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: WebAppSec WG <public-webappsec@w3.org>
On Fri, Oct 24, 2014 at 7:29 AM, Mark Nottingham <mnot@mnot.net> wrote:
> Has this been discussed yet?

The main problem with the current setup is that popular properties
such as Google and Twitter use a non-TLS redirect origin so they get
referrer credits. I don't know if a policy of origin would be
sufficient for them however.

Received on Friday, 24 October 2014 06:41:40 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:41 UTC