Light

Consider being less draconian in conflict resolution about webappsec-referrer-policy HOT 9 CLOSED

w3c commented on June 12, 2024

Consider being less draconian in conflict resolution

from webappsec-referrer-policy.

Comments (9)

mikewest commented on June 12, 2024

@devd suggested that deploying new policy keywords is difficult to do in a backwards-compatible way, and that it would be simpler if we allowed the policy to be overwritten by the last-delivered header. That makes sense to me, and matches what we do for <meta> delivery.

from webappsec-referrer-policy.

estark37 commented on June 12, 2024

Isn't this what the spec already says? I see https://w3c.github.io/webappsec-referrer-policy/#set-referrer-policy that seems to describe the less-draconian version, and I don't see anywhere describing the draconian version.

from webappsec-referrer-policy.

estark37 commented on June 12, 2024

Oh wait, now I see that https://w3c.github.io/webappsec-referrer-policy/#determine-policy-for-token returns No Referrer for an unknown value.

Though it does still seem to me that conflicting valid values would result in the latest header taking precedence, according to the current spec.

from webappsec-referrer-policy.

devd commented on June 12, 2024

Unfortunately, an older browser will see a new keyword as invalid and fall
back to none.
On Nov 11, 2015 6:49 AM, "Emily Stark" [email protected] wrote:

Oh wait, now I see that
https://w3c.github.io/webappsec-referrer-policy/#determine-policy-for-token
returns No Referrer for an unknown value.

Though it does still seem to me that conflicting valid values would result
in the latest header taking precedence, according to the current spec.

—
Reply to this email directly or view it on GitHub
#4 (comment)
.

from webappsec-referrer-policy.

estark37 commented on June 12, 2024

I think this can be closed now; let me know if there's more work to do here.

from webappsec-referrer-policy.

jeisinger commented on June 12, 2024

can you send a patch for blink?

from webappsec-referrer-policy.

estark37 commented on June 12, 2024

Yep, will do

On Wednesday, November 18, 2015, jeisinger [email protected] wrote:

can you send a patch for blink?

—
Reply to this email directly or view it on GitHub
#4 (comment)
.

from webappsec-referrer-policy.

estark37 commented on June 12, 2024

https://codereview.chromium.org/1454823004/

from webappsec-referrer-policy.

estark37 commented on June 12, 2024

oops didn't mean to reopen

from webappsec-referrer-policy.

Related Issues (20)

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.

Jobs