[referrer] Should referrer policy change value of the Origin header?

From: Brad Hill <hillbrad@gmail.com>
Date: Tue, 02 Feb 2016 05:15:27 +0000
Message-ID: <CAEeYn8isku0RSWuH=kSZ+A2ZSf5fkvU4At5nDpOLat2q7EAU4A@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>

I note that most recent Chrome will change the value of the Origin header
on, e.g. a same-origin POST to "null" if there is a meta-referrer policy of
'never' or 'no-referrer'.

Should it do this?  Seems possibly logical, but there is no mention of this
in the spec...

(Firefox, to my continuing sadness, doesn't send Origin on POST at all.)

Received on Tuesday, 2 February 2016 05:16:06 UTC
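
As an added example (not part of the original message or of any spec), this is how a server-side check that relies on Origin sees the three cases the message describes: a matching origin, the literal "null", and no header at all. `EXPECTED_ORIGIN`, `classifyOrigin`, `allowStateChange` and the `hasValidToken` flag are hypothetical names, and the sample headers in the comments are constructed.

```javascript
// Added example: classify the Origin header of a state-changing request.
// EXPECTED_ORIGIN is a constructed value standing in for the site's own origin.
const EXPECTED_ORIGIN = "https://app.example";

function classifyOrigin(headers, expected = EXPECTED_ORIGIN) {
  // Header names are case-insensitive, so normalise them first.
  const lower = {};
  for (const [name, value] of Object.entries(headers)) {
    lower[name.toLowerCase()] = value;
  }
  const origin = lower["origin"];
  if (origin === undefined) return "absent"; // browser sent no Origin on this POST
  if (origin.trim() === "null") return "opaque"; // e.g. page policy 'no-referrer'
  let parsed;
  try {
    parsed = new URL(origin.trim());
  } catch {
    return "malformed";
  }
  // URL.origin normalises default ports, so compare serialised origins.
  return parsed.origin === new URL(expected).origin ? "same-origin" : "cross-origin";
}

// hasValidToken is an assumption: the result of a separate anti-forgery token
// check that the application performs elsewhere.
function allowStateChange(headers, hasValidToken) {
  switch (classifyOrigin(headers)) {
    case "same-origin":
      return true;
    case "opaque":
      // "null" is also what other opaque contexts (sandboxed frames, data: URLs)
      // send, so it cannot be treated as proof of a same-origin request.
      return hasValidToken === true;
    case "absent":
      // No Origin at all: the header gives no signal, fall back to the token.
      return hasValidToken === true;
    default:
      // "cross-origin" or "malformed"
      return false;
  }
}

// Constructed sample requests:
//   { Origin: "https://app.example" }  -> same-origin
//   { Origin: "null" }                 -> opaque (same-origin POST under 'no-referrer')
//   {}                                 -> absent
```

A site that sets a 'no-referrer' policy on its own pages and rejects every request whose Origin is not an exact match would, under the behaviour described above, reject its own same-origin POSTs.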