FYI: Pending PRs allowing tightening the default referrer policy from David Van Cleve on 2019-10-15 (public-webappsec@w3.org from October 2019)

From: David Van Cleve <davidvc@chromium.org>
Date: Tue, 15 Oct 2019 15:11:30 -0400
To: public-webappsec@w3c.org
Message-ID: <CAMeJureNB-jQfms7Ys02WN=gDMvhT8wTtN6Gy+1_ExQo_u4hDQ@mail.gmail.com>

FYI, my colleague Mike West has submitted some PRs to the Fetch
<https://github.com/whatwg/fetch/pull/952> and Referrer Policy
<https://github.com/w3c/webappsec-referrer-policy/pull/125> specs to give
browsers more latitude to set their own, more secure, default referrer
policies.

This is concurrent with our pending change to move Chrome's default
referrer policy to strict-origin-to-cross-origin (please find the I2I on
blink-dev) and follows some other recent prior discussion
<https://github.com/w3c/webappsec-referrer-policy/issues/121> about
changing the specs' treatment of referrer policy defaults.

Cheers,

David Van Cleve
Google

Received on Wednesday, 16 October 2019 02:01:29 UTC