W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2015

Re: Referrer value for resources fetched from CSS

From: Boris Zbarsky <bzbarsky@mit.edu>
Date: Wed, 7 Oct 2015 10:25:27 -0400
To: Jochen Eisinger <eisinger@google.com>, Anne van Kesteren <annevk@annevk.nl>
Cc: Tanvi Vyas <tanvi@mozilla.com>, Mike West <mkwst@google.com>, Yoav Weiss <yoav@yoav.ws>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <56152B57.7030106@mit.edu>
On 10/7/15 10:19 AM, Jochen Eisinger wrote:
> 1) create a stylesheet, update the referrer URL (using the history API),
> insert an element that matches a rule which loads an external resource
> Here, Chrome and Firefox use the URL from before the history API
> modifications.

So just to make sure we're talking about the same thing, you were using 
a <style> element here, not a <link> element?

> I think in any case, referrer and referrer policy should behave the
> same. Anne raised the point on IRC that it's odd to ignore changes, so I
> propose to spec that both the referrer URL as well as the referre! r
> policy from when the network request is triggered should be used.

I think we should be clear on whether we're talking about the <style> 
element case, the <link> element case, or the @import case.  We should 
specify behavior for all of these.

Received on Wednesday, 7 October 2015 14:26:00 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:52 UTC