On Fri, May 1, 2015 at 5:22 AM, Sid Stamm <sid@mozilla.com> wrote: > This all sounds to me like a good direction. > > 1. Align referrer policy with CSP propagation and reuse > 2. make sure about:blank inherits. > I think that's a reasonable conclusion. > How do we best capture this in the spec? Would it make sense to > actually call out that it's inherited with *any* inherited script > security context, or address about:blank specifically? > What inheritance cases beyond `about:blank` are you worried about? I'll take a stab at rewriting the relevant bits of the spec in the vaguely near future: https://github.com/w3c/webappsec/issues/328. -mike -- Mike West <mkwst@google.com>, @mikewest Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Friday, 1 May 2015 14:40:07 UTC