W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2015

Re: Referrer value for resources fetched from CSS

From: Boris Zbarsky <bzbarsky@mit.edu>
Date: Wed, 30 Sep 2015 11:36:07 -0400
To: Jochen Eisinger <eisinger@google.com>, Anne van Kesteren <annevk@annevk.nl>
Cc: Tanvi Vyas <tanvi@mozilla.com>, Mike West <mkwst@google.com>, Yoav Weiss <yoav@yoav.ws>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <560C0167.2050504@mit.edu>
On 9/30/15 11:33 AM, Jochen Eisinger wrote:
> so what if one document references a stylesheet that references a font,
> but the document doesn't use it.
>
> now another document (will different referrer policy) references the
> same stylesheet, and actually uses the font.
>
> The referrer is the stylesheet. what should the policy be?

In my opinion, the policy of the second document.  Which should be fine, 
as long as the server properly sends "Vary: referrer" in cases in which 
it actually cares about the referrer (good luck to us with that).

Why does it even matter that another document referenced the "same" 
stylesheet? The two documents have distinct stylesheet objects...

-Boris
Received on Wednesday, 30 September 2015 15:36:39 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:15 UTC