W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2015

Re: Referrer value for resources fetched from CSS

From: Anne van Kesteren <annevk@annevk.nl>
Date: Wed, 30 Sep 2015 17:29:48 +0200
Message-ID: <CADnb78gr_EDShJsNAGgYXDykcVp7hc9r=-MzGp3mb81OnRR52g@mail.gmail.com>
To: Jochen Eisinger <eisinger@google.com>
Cc: Tanvi Vyas <tanvi@mozilla.com>, Mike West <mkwst@google.com>, Yoav Weiss <yoav@yoav.ws>, Boris Zbarsky <bzbarsky@mit.edu>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Wed, Sep 30, 2015 at 5:21 PM, Jochen Eisinger <eisinger@google.com> wrote:
> Tanvi, what referrer policy does Firefox use for cross origin css docs? I
> think in Blink, I use the CSS doc as referrer URL, and the referrer policy
> from the document that imported this CSS doc (which actually seems kinda
> odd).
> Maybe it was more consistent to use the default referrer policy in that
> case?

I think using the referrer policy from the environment settings object
(from the document that the CSS is associated with, CSS itself doesn't
have one) is reasonable. CSS could always override this if they wanted
to at some point by using a referrer policy associated with the
requests they make.

Received on Wednesday, 30 September 2015 15:30:17 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:52 UTC