Re: [REFERRER] policy inheritance via javascript: URI and new document

On Fri, May 1, 2015 at 5:22 AM, Sid Stamm <> wrote:

> This all sounds to me like a good direction.
> 1. Align referrer policy with CSP propagation and reuse
> 2. make sure about:blank inherits.

I think that's a reasonable conclusion.

> How do we best capture this in the spec?  Would it make sense to
> actually call out that it's inherited with *any* inherited script
> security context, or address about:blank specifically?

What inheritance cases beyond `about:blank` are you worried about?

I'll take a stab at rewriting the relevant bits of the spec in the vaguely
near future:


Mike West <>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

Received on Friday, 1 May 2015 14:40:07 UTC