Re: Referrer value for resources fetched from CSS

On Mon, Oct 5, 2015 at 4:32 PM Anne van Kesteren <annevk@annevk.nl> wrote:

> On Mon, Oct 5, 2015 at 4:23 PM, Jochen Eisinger <eisinger@google.com>
> wrote:
> > Problem: some network loads include a referrer header, but there is no
> spec
> > that actually details where this header comes from (i.e. does not
> integrate
> > with Fetch currently)
> >
> > Proposal: for these loads, specify in the referrer spec that if the
> referrer
> > came from a JavaScript global environment, the referrer policy of that
> > global environment should be taken into account. Otherwise, the default
> > referrer policy should be used.
> >
> > does that make sense?
>
> It seems suboptimal. I think it would be better for stylesheets to use
> the referrer policy of their associated document. When you change the
> referrer policy for a given document, e.g., to none, you wouldn't want
> stylesheets to still leak the referrer through image fetches or some
> such.
>
>
that would magically happen if stylesheets used fetch...

>
> --
> https://annevankesteren.nl/
>

Received on Monday, 5 October 2015 14:35:01 UTC