W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2015

Re: [Referrer] Adding a referrer attribute delivery mechanism

From: Brian Smith <brian@briansmith.org>
Date: Wed, 11 Feb 2015 22:35:05 -0800
Message-ID: <CAFewVt62aDL4f8eegRS7nYq9d5KdqggM5aZBhW+c1Z8ryBYr-A@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Francois Marier <francois@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Martin Thomson <martin.thomson@gmail.com> wrote:
> On 12 February 2015 at 17:15, Brian Smith <brian@briansmith.org> wrote:
>> Also, it needs to be defined what happens when the link has <a
>> rel=noreferrer referrer=unsafe-url>. I suggest specifying that the
>> rel=noreferrer takes precedence.
> Precedence, or lower of both values?

The only rel value we have for controlling referrer now is
"noreferrer." If we add this referrer attribute, we have no reason to
add any new rel values for controlling referrer. So, it doesn't matter
whether rel=noreferrer takes precedence or we take the lower of both
values, because both result in "none".

To be crystal clear, in my proposal [1] I suggested adding
rel=originreferrer, but I think adding the referrer attribute is a
better alternative to doing that.


[1] https://briansmith.org/referrer-01
Received on Thursday, 12 February 2015 06:35:32 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:10 UTC