W3C home > Mailing lists > Public > public-webappsec@w3.org > August 2017

Re: advance Referrer Policy?

From: Daniel Veditz <dveditz@mozilla.com>
Date: Thu, 24 Aug 2017 08:41:21 -0700
Message-ID: <CADYDTCAkAR2V04=jiYJrqQTTcYO28KG6G7TC2OSo4UTLJ3Np+g@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: Angelo Liao <huliao@microsoft.com>, Emily Stark <estark@google.com>, Franziskus Kiefer <fkiefer@mozilla.com>, Jochen Eisinger <eisinger@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Christoph Kerschbaumer <ckerschbaumer@mozilla.com>
On Tue, Aug 8, 2017 at 11:53 PM, Mike West <mkwst@google.com> wrote:

> Hrm. I don’t think that removing the expectations for CSS-initiated
> fetches is the right solution. We need to describe the way those fetches
> ought to work, and AFAIK, Boris and Jochen put a good amount of effort into
> coming up with the set of requirements in the document.
> ​​
> If the group thinks that those are the right requirements, I’d prefer to
> see implementations align themselves to that agreement rather than throwing
> it overboard and leaving the behavior undefined.
>

​100% agreed: must not be undefined. The spec rules are reasonable​. (The
only other choice that would make any sense would be for stylesheets to
inherit the referrer policy from the document.) Mozilla won't likely have
someone free to work on this for several months.

-
​Dan Veditz​
Received on Thursday, 24 August 2017 15:42:04 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:23 UTC