- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Tue, 19 Mar 2013 07:20:33 -0400
- To: Jonas Sicking <jonas@sicking.cc>
- Cc: WHATWG <whatwg@whatwg.org>

On Mon, Mar 18, 2013 at 3:57 PM, Jonas Sicking <jonas@sicking.cc> wrote:
> By not including cookies or other login information you are already
> forcing the capability model since you can't tell the connection from
> one that is server-to-server.
>
> Including the referrer header, at least by default, seems very useful
> still since there is lots of infrastructure in servers which are using
> those for logging purposes.

I don't disagree, but they wanted to avoid exposing any kind of
originating data so people could not make trust decisions based on
that at all (however silly doing that may be). See
http://www.w3.org/TR/UMP/#request-sending in particular. I don't
really mind what we do here either way.

--
http://annevankesteren.nl/

Received on Tuesday, 19 March 2013 11:20:58 UTC