Re: [REFERRER] policy inheritance via javascript: URI and new document

From: Jochen Eisinger <eisinger@google.com>
Date: Mon, 27 Apr 2015 15:32:17 +0000
Message-ID: <CALjhuidkycF0Q8SF0HEV7VRKEXKk-YONSw4C5XZEyrh5bQ6d7A@mail.gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>, Sid Stamm <sid@mozilla.com>
Cc: WebAppSec WG <public-webappsec@w3.org>

On Mon, Apr 27, 2015 at 5:19 AM Anne van Kesteren <annevk@annevk.nl> wrote:

> On Fri, Apr 24, 2015 at 3:13 PM, Sid Stamm <sid@mozilla.com> wrote:
> > So what do you think?  Copy the referrer policy or not?  I'm leaning
> > towards not, since we're creating a new document and the policy,
> > delivered via HTML tag or CSP, is kind of associated with the document
> > (not the principal).
>
> I think we should copy since before that new top-level browsing
> context is navigated, it's about:blank and could not have a meaningful
> policy set in any kind of way.
>

You could still run some script on about:blank that inserts a meta tag.


>
>
> --
> https://annevankesteren.nl/
>
>
Received on Monday, 27 April 2015 15:32:46 UTC
