Re: [referrer] Providing safer policy states from Learner on 2016-04-07 (public-webappsec@w3.org from April 2016)

From: Learner <learner@fastmail.com>
Date: Thu, 07 Apr 2016 23:46:03 +0100
To: public-webappsec@w3.org
Message-Id: <1460069163.2421014.572339521.2063BC55@webmail.messagingengine.com>

I think there should also be a policy for full, full, origin. This would
be similar to the default policy of giving sites linked to the full url,
but also allow downgrade sites to see the origin, which someone
observing network traffic can already see (although it would provide
information linking it to the HTTP page being viewed, it would be useful
unless the site is particularly sensitive).

Received on Friday, 8 April 2016 10:20:02 UTC