Re: [REFERRER] Call for Consensus: Referrer Policy to Candidate Recommendation

From: Evan J Johnson
Date: Sun, 16 Oct 2016 01:13:48 -0700
Message-Id: <1476605628.217059.757326937.4B5FFD5D@webmail.messagingengine.com>
To: public-webappsec@w3.org

Glad to see this is being finished!

I'm curious about the order of precedence of the 5 different ways to set a
referrer policy.

This is very confusing in my opinion (something I will begin to say
about a lot of specs). The spec reads like the following is possible,
unless I'm missing something:

1. Blanket referrer policy set by header.
2. Different referrer policy set by meta tag.
3. Third policy as an attribute.

I would assume the most specific policy would win, in this case the
noreferrer attribute, but which policy wins out of 1 and 2?

evan



On Sat, Oct 15, 2016, at 09:18 PM, Emily Stark wrote:
> This is a call for consensus of the WebAppSec WG to request
> advancement of Referrer Policy to Candidate Recommendation.
>
> The text for the proposed CR draft is to be the Editor's Draft at:
> https://w3c.github.io/webappsec-referrer-policy/
>
> This call for consensus will expire on 23-October-2016. Positive
> feedback is encouraged and lack of feedback is considered "no
> objection". Please send feedback to: public-webappsec@w3.org with a
> subject line beginning with '[REFERRER]'.
>
> Thanks,
> Emily
Received on Sunday, 16 October 2016 08:15:33 UTC