W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2015

Re: [REFERRER] policy inheritance via javascript: URI and new document

From: Anne van Kesteren <annevk@annevk.nl>
Date: Mon, 27 Apr 2015 05:16:58 +0200
Message-ID: <CADnb78jQHXA9Vced2Xr1hG1bq96VxP7hwGC8gmka+JU3Rq317g@mail.gmail.com>
To: Sid Stamm <sid@mozilla.com>
Cc: WebAppSec WG <public-webappsec@w3.org>
On Fri, Apr 24, 2015 at 3:13 PM, Sid Stamm <sid@mozilla.com> wrote:
> So what do you think?  Copy the referrer policy or not?  I'm leaning
> towards not, since we're creating a new document and the policy,
> delivered via HTML tag or CSP, is kind of associated with the document
> (not the principal).

I think we should copy since before that new top-level browsing
context is navigated, it's about:blank and could not have a meaningful
policy set in any kind of way.

Received on Monday, 27 April 2015 03:17:21 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:48 UTC