W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2016

[referrer] Should referrer policy change value of the Origin header?

From: Brad Hill <hillbrad@gmail.com>
Date: Tue, 02 Feb 2016 05:15:27 +0000
Message-ID: <CAEeYn8isku0RSWuH=kSZ+A2ZSf5fkvU4At5nDpOLat2q7EAU4A@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
I note that most recent Chrome will change the value of the Origin header
on, e.g. a same-origin POST to "null" if there is a meta-referrer policy of
'never' or 'no-referrer'.

Should it do this?  Seems possibly logical, but there is no mention of this
in the spec...

(Firefox, to my continuing sadness, doesn't send Origin on POST at all.)

-Brad
Received on Tuesday, 2 February 2016 05:16:06 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:54 UTC