- From: Yoav Weiss <yoav@yoav.ws>
- Date: Tue, 8 Sep 2015 13:01:49 +0200
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Received on Tuesday, 8 September 2015 11:02:18 UTC
Hi,

When going through the definitions and values of the Referer header in the referrer policy <https://w3c.github.io/webappsec/specs/referrer-policy/> spec, I see that the "No referrer when downgrade" policy (which is the default) is defined as "sends a full URL", but it's not clear to me what that URL should be.

My default assumption would be that it is the URL of the settings object/main document. However, when looking at font resources fetched cross-origin that were defined by an external stylesheet, I see that the "referer" value is that of the stylesheet, rather than that of the main document, in both Firefox and Chrome.

So, I guess my questions are:

* Am I missing something regarding the definitions? Is an external stylesheet defined as a settings object of its own?
* When the referrer policy is defined as "origin", what should the referer on such a font resource be?

Cheers :)
Yoav