- From: Evan J Johnson <e@ejj.io>
- Date: Sun, 16 Oct 2016 01:13:48 -0700
- To: public-webappsec@w3.org
- Message-Id: <1476605628.217059.757326937.4B5FFD5D@webmail.messagingengine.com>
Glad to see this is being finished! I'm curious the order of precedence of the 5 different ways to set a referrer policy. This is very confusing in my opinion (something I will begin to say about a lot of specs). The spec reads like the following is possible, unless I'm missing something: 1. Blanket referrer policy set by header. 2. Different referrer policy set by meta tag. 3. Third policy as an attribute. I would assume the the most specific policy would win, in this case the noreferrer attribute, but which policy wins out of 1 and 2? evan On Sat, Oct 15, 2016, at 09:18 PM, Emily Stark wrote: > This is a call for consensus of the WebAppSec WG to request > advancement of Referrer Policy to Candidate Recommendation. > > The text for the proposed CR draft is to be the Editor's Draft at: > https://w3c.github.io/webappsec-referrer-policy/ > > This call for consensus will expire on 23-October-2016. Positive > feedback is encouraged and lack of feedback is considered "no > objection". Please send feedback to: public-webappsec@w3.org with a > subject line beginning with '[REFERRER]'. > > Thanks, > Emily
Received on Sunday, 16 October 2016 08:15:33 UTC