- From: Sid Stamm <sid@mozilla.com>
- Date: Mon, 11 May 2015 15:00:15 -0400
- To: Mike West <mkwst@google.com>
- Cc: Jerry Qu <quguangyu@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
So to be absolutely clear, this means there should always be a dash between "cross" and "origin" in the referrer policy tokens, right? -Sid On Mon, May 11, 2015 at 8:23 AM, Mike West <mkwst@google.com> wrote: > On Sat, May 9, 2015 at 6:00 AM, Jerry Qu <quguangyu@gmail.com> wrote: >> >> And after my test on the Chrome 42, only the 'origin-when-crossorigin' >> directive will work both on CSP and <meta>. >> >> Is Chrome wrong? > > > Yup. Typos are fun. Thanks for the bug report! > > I've fixed the spec in > https://github.com/w3c/webappsec/commit/c992d5cd9c93eaa509ee499efd7ef8f5ab9811d8; > I'll upload a patch for Chrome later today. > > -mike > > -- > Mike West <mkwst@google.com>, @mikewest > > Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, > Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: > Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores > (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Monday, 11 May 2015 19:00:43 UTC