Re: advance Referrer Policy? from Daniel Veditz on 2017-08-24 (public-webappsec@w3.org from August 2017)

From: Daniel Veditz <dveditz@mozilla.com>
Date: Thu, 24 Aug 2017 08:41:21 -0700
To: Mike West <mkwst@google.com>
Cc: Angelo Liao <huliao@microsoft.com>, Emily Stark <estark@google.com>, Franziskus Kiefer <fkiefer@mozilla.com>, Jochen Eisinger <eisinger@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Christoph Kerschbaumer <ckerschbaumer@mozilla.com>
Message-ID: <CADYDTCAkAR2V04=jiYJrqQTTcYO28KG6G7TC2OSo4UTLJ3Np+g@mail.gmail.com>

On Tue, Aug 8, 2017 at 11:53 PM, Mike West <mkwst@google.com> wrote:

> Hrm. I don’t think that removing the expectations for CSS-initiated
> fetches is the right solution. We need to describe the way those fetches
> ought to work, and AFAIK, Boris and Jochen put a good amount of effort into
> coming up with the set of requirements in the document.
> 
> If the group thinks that those are the right requirements, I’d prefer to
> see implementations align themselves to that agreement rather than throwing
> it overboard and leaving the behavior undefined.
>

100% agreed: must not be undefined. The spec rules are reasonable. (The
only other choice that would make any sense would be for stylesheets to
inherit the referrer policy from the document.) Mozilla won't likely have
someone free to work on this for several months.

-
Dan Veditz

Received on Thursday, 24 August 2017 15:42:04 UTC