Re: [REFERRER] policy inheritance via javascript: URI and new document

On Mon, Apr 27, 2015 at 5:19 AM Anne van Kesteren <annevk@annevk.nl> wrote:

> On Fri, Apr 24, 2015 at 3:13 PM, Sid Stamm <sid@mozilla.com> wrote:
> > So what do you think?  Copy the referrer policy or not?  I'm leaning
> > towards not, since we're creating a new document and the policy,
> > delivered via HTML tag or CSP, is kind of associated with the document
> > (not the principal).
>
> I think we should copy since before that new top-level browsing
> context is navigated, it's about:blank and could not have a meaningful
> policy set in any kind of way.
>

you could still run some script on about:blank that inserts a meta tag


>
>
> --
> https://annevankesteren.nl/
>
>

Received on Monday, 27 April 2015 15:32:46 UTC