Current votes: None.
On Tue, Oct 25, 2011 at 9:16 PM, Adam Barth <firstname.lastname@example.org> wrote: > That's an interesting idea. It certainly integrates the two features > better. We might need to iterate on the names a bit though. > > It's a bit strange to have two levels of defaults. For example, > suppose you have <meta name="referrer" content="noreferrer"> but then > <a rel="defaultreferrer">. That's like overriding the one level of > default to get to a "more" default behavior. > This goes away if you call it "standard referrer" or something like that. Maybe just "referrer"? ("referer-origin", "referer-always", etc. is nicer, but then it looks like something distinct from "noreferer" instead of items in the same set.) > Are implementors really willing to implement a feature that allows > disabling > > referrers for non-links, though? I'm pretty sure rel=noreferrer's > > links-only limitation is by design. > > I'm an implementor, and I'm interested in implementing this feature. :) > It would fully break the basic use cases of Referer--being able to tell what server is inlining resources on your server and causing it to be hammered, and being able to do something about it. "rel=originreferer" mode doesn't have that problem, though. By the way, does this need to consider CORS and the Origin header for <img cross-origin>? I'm not fresh on how that works.