- From: Jochen Eisinger <eisinger@google.com>
- Date: Mon, 27 Apr 2015 15:32:17 +0000
- To: Anne van Kesteren <annevk@annevk.nl>, Sid Stamm <sid@mozilla.com>
- Cc: WebAppSec WG <public-webappsec@w3.org>
Received on Monday, 27 April 2015 15:32:46 UTC
On Mon, Apr 27, 2015 at 5:19 AM Anne van Kesteren <annevk@annevk.nl> wrote: > On Fri, Apr 24, 2015 at 3:13 PM, Sid Stamm <sid@mozilla.com> wrote: > > So what do you think? Copy the referrer policy or not? I'm leaning > > towards not, since we're creating a new document and the policy, > > delivered via HTML tag or CSP, is kind of associated with the document > > (not the principal). > > I think we should copy since before that new top-level browsing > context is navigated, it's about:blank and could not have a meaningful > policy set in any kind of way. > you could still run some script on about:blank that inserts a meta tag > > > -- > https://annevankesteren.nl/ > >
Received on Monday, 27 April 2015 15:32:46 UTC