Re: [REFERRER] policy inheritance via javascript: URI and new document

On Fri, May 1, 2015 at 5:22 AM, Sid Stamm <sid@mozilla.com> wrote:

> This all sounds to me like a good direction.
>
> 1. Align referrer policy with CSP propagation and reuse
> 2. Make sure about:blank inherits.
>

I think that's a reasonable conclusion.


> How do we best capture this in the spec?  Would it make sense to
> actually call out that it's inherited with *any* inherited script
> security context, or address about:blank specifically?
>

What inheritance cases beyond `about:blank` are you worried about?

I'll take a stab at rewriting the relevant bits of the spec in the vaguely
near future: https://github.com/w3c/webappsec/issues/328.

-mike

--
Mike West <mkwst@google.com>, @mikewest


Received on Friday, 1 May 2015 14:40:07 UTC