Comments (9)
@devd suggested that deploying new policy keywords is difficult to do in a backwards-compatible way, and that it would be simpler if we allowed the policy to be overwritten by the last-delivered header. That makes sense to me, and matches what we do for <meta>
delivery.
from webappsec-referrer-policy.
Isn't this what the spec already says? I see https://w3c.github.io/webappsec-referrer-policy/#set-referrer-policy that seems to describe the less-draconian version, and I don't see anywhere describing the draconian version.
from webappsec-referrer-policy.
Oh wait, now I see that https://w3c.github.io/webappsec-referrer-policy/#determine-policy-for-token returns No Referrer for an unknown value.
Though it does still seem to me that conflicting valid values would result in the latest header taking precedence, according to the current spec.
from webappsec-referrer-policy.
Unfortunately, an older browser will see a new keyword as invalid and fall
back to none.
On Nov 11, 2015 6:49 AM, "Emily Stark" [email protected] wrote:
Oh wait, now I see that
https://w3c.github.io/webappsec-referrer-policy/#determine-policy-for-token
returns No Referrer for an unknown value.Though it does still seem to me that conflicting valid values would result
in the latest header taking precedence, according to the current spec.—
Reply to this email directly or view it on GitHub
#4 (comment)
.
from webappsec-referrer-policy.
I think this can be closed now; let me know if there's more work to do here.
from webappsec-referrer-policy.
can you send a patch for blink?
from webappsec-referrer-policy.
Yep, will do
On Wednesday, November 18, 2015, jeisinger [email protected] wrote:
can you send a patch for blink?
—
Reply to this email directly or view it on GitHub
#4 (comment)
.
from webappsec-referrer-policy.
https://codereview.chromium.org/1454823004/
from webappsec-referrer-policy.
oops didn't mean to reopen
from webappsec-referrer-policy.
Related Issues (20)
- Typo: space between “non-” and “potentially trustworthy” HOT 1
- Should request's referrer uses browsing context container’s node document url in Blob url
- What default policy should new features use? HOT 3
- Inconsistencies with "same-origin" requests HOT 23
- same-origin request definition around A->B->A redirects HOT 2
- Clarify priority on five ways of Referrer Policy Delivery HOT 2
- Drop mentions of HTML5 HOT 1
- [proposal] no-referrer-when-crossorigin HOT 7
- Parameterised Referrer Policy HOT 2
- Strip url check for null url appears redundant HOT 2
- Ability to prevent tabnabbing with the referrer-policy header HOT 3
- Possible Version 2 HOT 2
- "Strip url for use as a referrer" sets path to null, which is a spec type error HOT 1
- Bikeshed (remote) returns an error on main branch HOT 1
- Omit referrers on cross-origin requests from an RFC7686 address HOT 4
- Question in relation to Referrer-Policy header and its relation with link rel attribute HOT 4
- Add referrerpolicy to media elements (<audio> and <video>) HOT 6
- Broken references in Referrer Policy
- Add Referrer-Policy no-referrer-when-cross-origin HOT 7
- Add Referrer-Policy to HTTP Field Name Registry
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from webappsec-referrer-policy.