Project: chromium Issues People Development process History Sign in
New issue
Advanced search Search tips
Issue 729571 Additional referrer policies: same-origin, strict-origin, strict-origin-when-cross-origin
Starred by 4 users Project Member Reported by est...@chromium.org, Jun 5 Back to list
Status: Assigned
Owner:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Launch-OWP
Launch-Accessibility: ----
Launch-Legal: ----
Launch-M-Approved: ----
Launch-M-Target: ----
Launch-Privacy: ----
Launch-Security: ----
Launch-Status: ----
Launch-Test: ----
Launch-UI: ----



Sign in to add a comment
Change description:
The Referrer Policy specification includes three policy values that Chrome doesn't yet implement.
- same-origin: Send full referrers same-origin, no referrers cross-origin.
- strict-origin: Strip referrers to the origin, but strip them when downgrading from HTTPS to HTTP.
- strict-origin-when-cross-origin: Send full referrers same-origin, and the origin when cross-origin, but strip referrers when downgrading from HTTPS to HTTP.

Changes to API surface:
Additional referrer policy values available in the existing Referrer-Policy header, `referrerpolicy` attribute, and <meta name="referrer" tag>

Links:
Public standards discussion: https://lists.w3.org/Archives/Public/public-webappsec/2016Mar/0085.html

Support in other browsers:
Internet Explorer: no signals
Firefox: supported
Safari: no signals
 
Sign in to add a comment