W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2014

Re: [referrer] HTTPS->HTTP

From: Mark Nottingham <mnot@mnot.net>
Date: Fri, 24 Oct 2014 17:50:04 +1100
Cc: WebAppSec WG <public-webappsec@w3.org>
Message-Id: <3CC34B69-950D-4E8D-BA2B-253B15024484@mnot.net>
To: Anne van Kesteren <annevk@annevk.nl>

> On 24 Oct 2014, at 5:41 pm, Anne van Kesteren <annevk@annevk.nl> wrote:
> 
> On Fri, Oct 24, 2014 at 7:29 AM, Mark Nottingham <mnot@mnot.net> wrote:
>> Has this been discussed yet?
> 
> The main problem with the current setup is that popular properties
> such as Google and Twitter use a non-TLS redirect origin so they get
> referrer credits. I don't know if a policy of origin would be
> sufficient for them however.

*nod*

I think the issue here is that the replacement for a hack (that works) is a more general, less precise mechanism.

Cheers,


--
Mark Nottingham   https://www.mnot.net/
Received on Friday, 24 October 2014 06:50:32 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:07 UTC