Re: [REFERRER] origin-when-crossorigin OR origin-when-cross-origin from Mike West on 2015-05-11 (public-webappsec@w3.org from May 2015)

From: Mike West <mkwst@google.com>
Date: Mon, 11 May 2015 14:23:15 +0200
To: Jerry Qu <quguangyu@gmail.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CAKXHy=dmjPVJVYFbkHOr=P=dHvRiPs7UUW=SzKtqHehp3sTXgQ@mail.gmail.com>

On Sat, May 9, 2015 at 6:00 AM, Jerry Qu <quguangyu@gmail.com> wrote:

> And after my test on the Chrome 42, only the 'origin-when-crossorigin'
> directive will work both on CSP and <meta>.
>
> Is Chrome wrong?
>

Yup. Typos are fun. Thanks for the bug report!

I've fixed the spec in
https://github.com/w3c/webappsec/commit/c992d5cd9c93eaa509ee499efd7ef8f5ab9811d8;
I'll upload a patch for Chrome later today.

-mike

--
Mike West <mkwst@google.com>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

Received on Monday, 11 May 2015 12:24:05 UTC