Issue 729571 link

Starred by 5 users

Issue metadata

Status:	Fixed
Owner:	est...@chromium.org
Closed:	Jul 2017
Components:	Blink>SecurityFeature
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	3
Type:	Launch-OWP
Launch-Accessibility:	----
Launch-Exp-Leadership:	----
Launch-Leadership:	----
Launch-Legal:	----
Launch-M-Approved:	----
Launch-M-Target:	----
Launch-Privacy:	----
Launch-Security:	----
Launch-Test:	----
Launch-UI:	----
Rollout-Type:	----
OWP-Type-NewAPI OWP-Design-No OWP-Standards-OfficialSpec M-61

Additional referrer policies: same-origin, strict-origin, strict-origin-when-cross-origin

Project Member Reported by est...@chromium.org, Jun 5 2017

Issue description

Change description:
The Referrer Policy specification includes three policy values that Chrome doesn't yet implement.
- same-origin: Send full referrers same-origin, no referrers cross-origin.
- strict-origin: Strip referrers to the origin, but strip them when downgrading from HTTPS to HTTP.
- strict-origin-when-cross-origin: Send full referrers same-origin, and the origin when cross-origin, but strip referrers when downgrading from HTTPS to HTTP.

Changes to API surface:
Additional referrer policy values available in the existing Referrer-Policy header, `referrerpolicy` attribute, and <meta name="referrer" tag>

Links:
Public standards discussion: https://lists.w3.org/Archives/Public/public-webappsec/2016Mar/0085.html

Support in other browsers:
Internet Explorer: no signals
Firefox: supported
Safari: no signals

Comment 1 by est...@chromium.org, Jul 12 2017

Status: Fixed (was: Assigned)

►

Issue 729571 link

Issue metadata

Additional referrer policies: same-origin, strict-origin, strict-origin-when-cross-origin

Issue description

Comment 1 by est...@chromium.org, Jul 12 2017

Comment 1 Deleted

Sign in to add a comment