|Issue 627968||Implement new referrer-policy states|
|Starred by 28 users||Project Member Reported by est...@chromium.org, Jul 13 2016||Back to list|
We need to implement the following new referrer-policy states: * same-origin (https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin) * strict-origin (https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin) * strict-origin-when-cross-origin (https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin)
Issue 613737 has been merged into this issue.
Hey Emily, I've added support for RP to Security Headers now and naturally it'd be great to see the new states added to Chrome now that RP has reached W3C CR status. Any ETA on this? Thanks!  https://schd.io/1
Just since this has been open for quite a while, without much (or any?) activity, I'd just like to add another comment in support of this being implemented too. I maintain a headers focused PHP library in-which an upcoming version will include `Referrer-Policy: strict-origin-when-cross-origin` among its default header set. Unfortunately due to this bug/issue, the `no-referrer` version of this header also must be included as a fallback (which obviously has its usability disadvantages), but remains the only value to offer at least the same security and privacy features, that is also supported by Chrome. This just to say it would be great to see Chrome support RP (in-full) so that we can all start taking advantage of it! : https://github.com/aidantwoods/SecureHeaders/issues/19
Issue 710039 has been merged into this issue.
Issue 711898 has been merged into this issue.
|► Sign in to add a comment|