[whatwg] Feedback on Meta referrer

On Thu, Jan 26, 2012 at 1:46 AM, David Bruant <bruant.d at gmail.com> wrote:
> Le 26/01/2012 10:35, Boris Zbarsky a ?crit :
>> On 1/26/12 9:12 AM, Adam Barth wrote:
>>>>
>>>> Should the speculative parser have knowledge of<meta name=referrer>?
>>>
>>> That's not what's currently specified. ?Like many other browser
>>> features, this feature lets web sites detect that the browser is
>>> speculatively prefetching resources. ?If that's a big issue, it's
>>> something we can try to address.
>>
>> It seems like a bigger problem is that if speculative prefetches don't
>> know about this <meta> then they will leak the referrer, which is something
>> the site did NOT want to happen.
>
> A radically different approach that websites could take to express not
> wanting the referrer to be sent on requests for a given page would be
> sending a specific HTTP header in the response. This way, the user agent
> would know what the intention is before having to read any <meta> header and
> could do the prefetches without sending the referrer.

Indeed.  I plan to propose this as a directive for CSP 1.1.

Adam

Received on Thursday, 26 January 2012 01:48:18 UTC