W3C home > Mailing lists > Public > public-webappsec@w3.org > May 2015

Re: [REFERRER] origin-when-crossorigin OR origin-when-cross-origin

From: Sid Stamm <sid@mozilla.com>
Date: Mon, 11 May 2015 15:00:15 -0400
Message-ID: <CAP=NJFPfcq2=47k_BNDJ-qKmwFS1GX0nghZ72nqFoyTwVurGyw@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: Jerry Qu <quguangyu@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
So to be absolutely clear, this means there should always be a dash
between "cross" and "origin" in the referrer policy tokens, right?

-Sid

On Mon, May 11, 2015 at 8:23 AM, Mike West <mkwst@google.com> wrote:
> On Sat, May 9, 2015 at 6:00 AM, Jerry Qu <quguangyu@gmail.com> wrote:
>>
>> And after my test on the Chrome 42, only the 'origin-when-crossorigin'
>> directive will work both on CSP and <meta>.
>>
>> Is Chrome wrong?
>
>
> Yup. Typos are fun. Thanks for the bug report!
>
> I've fixed the spec in
> https://github.com/w3c/webappsec/commit/c992d5cd9c93eaa509ee499efd7ef8f5ab9811d8;
> I'll upload a patch for Chrome later today.
>
> -mike
>
> --
> Mike West <mkwst@google.com>, @mikewest
>
> Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany,
> Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft:
> Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores
> (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Monday, 11 May 2015 19:00:43 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:13 UTC