I have to admit I'm kinda lost in this discussion. Let me try to rephrase
my original proposal.
Problem: some network loads include a referrer header, but there is no spec
that actually details where this header comes from (i.e. does not integrate
with Fetch currently)
Proposal: for these loads, specify in the referrer spec that if the
referrer came from a JavaScript global environment, the referrer policy of
that global environment should be taken into account. Otherwise, the
default referrer policy should be used.
does that make sense?
On Wed, Sep 30, 2015 at 9:53 PM Boris Zbarsky <bzbarsky@mit.edu> wrote:
> On 9/30/15 2:20 PM, Jochen Eisinger wrote:
> > what i'm saying is that at least blink uses the URL at the point the
> > stylesheet was loaded. So it would be odd to use the referrer policy
> > from when the font is loaded.
>
> No odder than using the referrer policy of the document to start with.
>
> > Of course, a possible alternative would be to use the url and policy
> > from when the font is loaded.
>
> You say "the url"... but there are two conceivable sources of referrer
> url: stylesheet and document.
>
> > If the CSS spec actually said what referrer to use, it would be easy to
> > figure out what policy to use.
>
> Perhaps. More precisely, if the CSS spec said which referrer policy to
> use...
>
> > what I mean is that when you insert a stylesheet, and then use
> > history.pushState to modify the document's URL, a subsequent font load
> > will get the referrer url from when the stylesheet was inserted (in
> Blink).
>
> Does the font load get the _document_ URL or the _stylesheet_ URL as the
> referrer?
>
> > I guess the best we can do here (without defining what CSS loads should
> > do) is saying that for loads of CSS resources, the referrer policy
> > should come from wherever the referrer came from.
>
> That's not very helpful, since there is no way to define a referrer
> policy for a stylesheet, right?
>
> -Boris
>
>