- From: Mark Nottingham <mnot@mnot.net>
- Date: Fri, 24 Oct 2014 17:50:04 +1100
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: WebAppSec WG <public-webappsec@w3.org>
> On 24 Oct 2014, at 5:41 pm, Anne van Kesteren <annevk@annevk.nl> wrote: > > On Fri, Oct 24, 2014 at 7:29 AM, Mark Nottingham <mnot@mnot.net> wrote: >> Has this been discussed yet? > > The main problem with the current setup is that popular properties > such as Google and Twitter use a non-TLS redirect origin so they get > referrer credits. I don't know if a policy of origin would be > sufficient for them however. *nod* I think the issue here is that the replacement for a hack (that works) is a more general, less precise mechanism. Cheers, -- Mark Nottingham https://www.mnot.net/
Received on Friday, 24 October 2014 06:50:32 UTC