- From: Learner <learner@fastmail.com>
- Date: Thu, 07 Apr 2016 23:46:03 +0100
- To: public-webappsec@w3.org
I think there should also be a policy for full, full, origin. This would be similar to the default policy of giving sites linked to the full url, but also allow downgrade sites to see the origin, which someone observing network traffic can already see (although it would provide information linking it to the HTTP page being viewed, it would be useful unless the site is particularly sensitive).
Received on Friday, 8 April 2016 10:20:02 UTC