Re: [whatwg] getting rid of anonymizing redirects

Understood and thanks for the explanation.

Does this have implications for resource hints? Do we want the ability to
specify łnoreferrer˛ for prerendered pages? Currently noreferrer only
applies to the <a> tag.

Thanks,

Peter





From:  Ilya Grigorik <igrigorik@gmail.com>
Date:  Tuesday, October 7, 2014 at 6:13 PM
To:  Peter Lepeska <bizzbyster@gmail.com>
Cc:  Chris Bentzel <cbentzel@google.com>, WHAT Working Group
<whatwg@whatwg.org>, <public-web-perf@w3.org>
Subject:  Re: [whatwg] getting rid of anonymizing redirects


On Tue, Oct 7, 2014 at 8:28 AM, Peter Lepeska <bizzbyster@gmail.com> wrote:
> Looks like this is already supported:
> https://html.spec.whatwg.org/multipage/semantics.html#link-type-noreferrer.
> 
> Just need to educate web developers to you use it.

It's a bit more complicated. The redirector use case has many dimensions:
a) site wants to anonymize the referrer (and do so reliably across all UAs)
b) site wants to log the navigation for analytics (sync XHR = bad, <a ping>
has limited support, Beacon is FF/Chrome only)
c) site wants to log native-app visits and add "attribution" to their native
app - e.g. G+ app clicks are shown as plus.google.com
<http://plus.google.com>  in referrer logs.

In theory, (a) and (b) are addressed by new APIs. In practice, due to old
UAs + implementation differences, redirector is *way* easier - don't have to
perform UA detects, etc. (c) is a whole different story.. and the reason
many teams like the redirector route is that it allows them to reuse the
same path for web and native.

To be clear, I'm not endorsing the pattern.. I'd love get rid of it. That
said, just want to relay the feedback I've received in the past.

- we need referrer logic implemented consistently.
- we need Beacon available in all browsers.

Also, preconnect support can also help speed things up for redirector case:
http://w3c.github.io/resource-hints/#anonymizing-redirect-preconnect

ig

Received on Wednesday, 8 October 2014 15:36:52 UTC