W3C home > Mailing lists > Public > whatwg@whatwg.org > August 2014

Re: [whatwg] <meta referrer> as "always-origin"

From: Jonas Sicking <jonas@sicking.cc>
Date: Sun, 17 Aug 2014 12:46:50 -0700
Message-ID: <CA+c2ei8CEYdrvxyBGzryaNZh8tUvznWVUvpOURedmDbzAJB_zg@mail.gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: WHAT Working Group <whatwg@whatwg.org>, Sid Stamm <sid@mozilla.com>
On Fri, Aug 15, 2014 at 11:12 PM, Anne van Kesteren <annevk@annevk.nl> wrote:
> On Sat, Aug 16, 2014 at 8:09 AM, Anne van Kesteren <annevk@annevk.nl> wrote:
>> On Fri, Aug 15, 2014 at 11:28 PM, Jonas Sicking <jonas@sicking.cc> wrote:
>>> Could we introduce a "always-origin" value for <meta referrer> which
>>> combines the "origin" and "always" policies?
>>
>> That is called Origin Only:
>> http://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states
>> It does not seem exposed as a value for <meta name=referrer> at this
>> point.
>
> Actually, it seems that is the "origin" value, my bad. Why did you
> think that was behaving differently?

Because the description for "always" contains the text "Note: This
might cause https referrers to be sent over the network as part of
unencrypted HTTP requests.", but the description for "origin" does
not.

/ Jonas
Received on Sunday, 17 August 2014 19:47:50 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 17:00:22 UTC