The referrerpolicy attribute is being standardized to work on <script> elements. The HTML Standard PR can be found at [1].
What steps will reproduce the problem?
(1) Process a page with: `<script referrerpolicy=origin src=test.js></script>`
(2) See that the resolved referrer policy for the request made by this element was the default `no-referrer-when-downgrade`, and not `origin`.
This is because currently <script> elements do not have support for the referrerpolicy attribute. The referrer policy is set to the empty string in `prepare a script` [2], which is set to `no-referrer-when-downgrade` later on while fetching.
[1]: https://github.com/whatwg/html/pull/3678
[2]: https://html.spec.whatwg.org/multipage/scripting.html#prepare-a-script
I'm happy to do this implementation in Chromium if this sounds good. Question: should we have a chromestatus entry and Intent-To-Ship along with this addition?
Comment 1 by domfarolino@gmail.com
, May 11 2018Status: Started