[REFERRER] origin-when-crossorigin OR origin-when-cross-origin from Jerry Qu on 2015-05-09 (public-webappsec@w3.org from May 2015)

From: Jerry Qu <quguangyu@gmail.com>
Date: Sat, 9 May 2015 12:00:41 +0800
To: public-webappsec@w3.org
Message-ID: <CAGGh6wzCEV9MOk8FVAFYeh0bSGT-brFTtDYHju1Oxy+Mt=csMQ@mail.gmail.com>

When I am learning Referrer Policy
(https://w3c.github.io/webappsec/specs/referrer-policy/) this week,

I have a confusion on the "Origin When Cross-Origin States":

In [4.1. Delivery via CSP], the directive-value is 'origin-when-cross-origin'.
https://w3c.github.io/webappsec/specs/referrer-policy/#directive-referrer

and in [4.2. Delivery via meta], the content's value is
'origin-when-crossorigin'.
https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-delivery-meta

Why there is a dash between 'cross' and 'origin' via CSP, and not the
same via <meta>?

And after my test on the Chrome 42, only the 'origin-when-crossorigin'
directive will work both on CSP and <meta>.

Is Chrome wrong?

Received on Monday, 11 May 2015 10:21:12 UTC