
[REFERRER] origin-when-crossorigin OR origin-when-cross-origin

From: Jerry Qu <quguangyu@gmail.com>
Date: Sat, 9 May 2015 12:00:41 +0800
Message-ID: <CAGGh6wzCEV9MOk8FVAFYeh0bSGT-brFTtDYHju1Oxy+Mt=csMQ@mail.gmail.com>
To: public-webappsec@w3.org

When I was learning Referrer Policy
(https://w3c.github.io/webappsec/specs/referrer-policy/) this week,
I got confused by the "Origin When Cross-Origin States":

In [4.1. Delivery via CSP], the directive-value is 'origin-when-cross-origin'.
https://w3c.github.io/webappsec/specs/referrer-policy/#directive-referrer

and in [4.2. Delivery via meta], the content's value is
'origin-when-crossorigin'.
https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-delivery-meta

Why is there a dash between 'cross' and 'origin' via CSP, but not
via <meta>?

And in my test on Chrome 42, only the 'origin-when-crossorigin'
directive works on both CSP and <meta>.

Is Chrome wrong?
Received on Monday, 11 May 2015 10:21:12 UTC
