W3C home > Mailing lists > Public > public-webappsec@w3.org > June 2016

Re: [REFERRER] Combining referrer policies

From: Daniel Veditz <dveditz@mozilla.com>
Date: Wed, 29 Jun 2016 10:01:05 -0700
Message-ID: <CADYDTCAZaeSCVT4qvXgNC-7Ackux7zUv4eQCqp898gUhVfr2Yg@mail.gmail.com>
To: Ryan Townsend <ryan@ryantownsend.co.uk>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
We've discussed this and combined tags was rejected in favor of a simpler
system that (currently) doesn't cover all possible states but does make it
impossible to create conflicting combinations. The Mozilla team in
particular felt the lack of options to prevent leakage over insecure
channels and have proposed 3 new states:
https://github.com/w3c/webappsec-referrer-policy/pull/19
https://github.com/w3c/webappsec-referrer-policy/issues/50

-Dan Veditz
Received on Wednesday, 29 June 2016 17:01:35 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:20 UTC