Re: [whatwg] getting rid of anonymizing redirects from Ilya Grigorik on 2014-10-08 (public-whatwg-archive@w3.org from October 2014)

From: Ilya Grigorik <igrigorik@gmail.com>
Date: Wed, 8 Oct 2014 11:43:12 -0400
To: Peter Lepeska <bizzbyster@gmail.com>
Cc: WHAT Working Group <whatwg@whatwg.org>, Chris Bentzel <cbentzel@google.com>, public-web-perf@w3.org
Message-ID: <CAKRe7JH70-0OAyq+Hh0WzR2mQfKVa8LX1PfGnv_NztdUhJqsMw@mail.gmail.com>

On Wed, Oct 8, 2014 at 11:36 AM, Peter Lepeska <bizzbyster@gmail.com> wrote:

> Does this have implications for resource hints? Do we want the ability to
> specify “noreferrer” for prerendered pages? Currently noreferrer only
> applies to the <a> tag.

My understanding is that you set a global policy, which would apply to all
requests:
https://w3c.github.io/webappsec/specs/content-security-policy/#directive-referrer

e.g. Content-Security-Policy: referrer no-referrer; (or equivalent meta
element)

ig

Received on Wednesday, 8 October 2014 15:44:17 UTC