W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2016

Re: [referrer] Providing safer policy states

From: Learner <learner@fastmail.com>
Date: Thu, 07 Apr 2016 23:46:03 +0100
Message-Id: <1460069163.2421014.572339521.2063BC55@webmail.messagingengine.com>
To: public-webappsec@w3.org
I think there should also be a policy for full, full, origin. This would
be similar to the default policy of giving sites linked to the full url,
but also allow downgrade sites to see the origin, which someone
observing network traffic can already see (although it would provide
information linking it to the HTTP page being viewed, it would be useful
unless the site is particularly sensitive).
Received on Friday, 8 April 2016 10:20:02 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:19 UTC