On Fri, May 1, 2015 at 5:22 AM, Sid Stamm <sid@mozilla.com> wrote:
> This all sounds to me like a good direction.
>
> 1. Align referrer policy with CSP propagation and reuse
> 2. make sure about:blank inherits.
>
I think that's a reasonable conclusion.
> How do we best capture this in the spec? Would it make sense to
> actually call out that it's inherited with *any* inherited script
> security context, or address about:blank specifically?
>
What inheritance cases beyond `about:blank` are you worried about?
I'll take a stab at rewriting the relevant bits of the spec in the vaguely
near future: https://github.com/w3c/webappsec/issues/328.
-mike
--
Mike West <mkwst@google.com>, @mikewest
Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)