On 19/04/16 10:05 PM, Brad Hill wrote: > I would definitely be against changing the meaning of the existing > policy states to break sending referrers across https->http transitions, > since that was the biggest motivating use case for the feature, and it > is very inconvenient to have to do browser sniffing and send different > policies that sometimes say the same thing but mean different things > across different UAs and different versions of the same UA. > > Who will be the "customers" for these new states that we think it is a > good idea to break / force change on the existing users? Renaming the existing states so that the spec is safe-by-default is a separate issue from adding the new states. We could for example, add: safe-origin safe-origin-when-cross-origin instead of renaming: origin -> unsafe-origin origin-when-cross-origin -> unsafe-origin-when-cross-origin FrancoisReceived on Wednesday, 20 April 2016 15:11:11 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:55 UTC