W3C home > Mailing lists > Public > whatwg@whatwg.org > October 2011

[whatwg] <meta name="referrer">

From: Glenn Maynard <glenn@zewt.org>
Date: Tue, 25 Oct 2011 23:41:46 -0400
Message-ID: <CABirCh9yB5+OTgM+tzFTJn2RjvySEQDw3sBcE5HwWxtdOe76Dg@mail.gmail.com>
On Tue, Oct 25, 2011 at 9:16 PM, Adam Barth <w3c at adambarth.com> wrote:

> That's an interesting idea.  It certainly integrates the two features
> better.  We might need to iterate on the names a bit though.
>
> It's a bit strange to have two levels of defaults.  For example,
> suppose you have <meta name="referrer" content="noreferrer"> but then
> <a rel="defaultreferrer">.  That's like overriding the one level of
> default to get to a "more" default behavior.
>

This goes away if you call it "standard referrer" or something like that.
Maybe just "referrer"?

("referer-origin", "referer-always", etc. is nicer, but then it looks like
something distinct from "noreferer" instead of items in the same set.)

 > Are implementors really willing to implement a feature that allows
> disabling
> > referrers for non-links, though?  I'm pretty sure rel=noreferrer's
> > links-only limitation is by design.
>
> I'm an implementor, and I'm interested in implementing this feature.  :)
>

It would fully break the basic use cases of Referer--being able to tell what
server is inlining resources on your server and causing it to be hammered,
and being able to do something about it.  "rel=originreferer" mode doesn't
have that problem, though.

By the way, does this need to consider CORS and the Origin header for <img
cross-origin>?  I'm not fresh on how that works.

-- 
Glenn Maynard
Received on Tuesday, 25 October 2011 20:41:46 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:37 UTC