[html5] r4727 - [giow] (2) Require Referer: to be omitted for data: URLs and sandboxed iframes. [...]

whatwg at whatwg.org whatwg at whatwg.org
Sun Feb 14 01:48:01 PST 2010 

Author: ianh
Date: 2010-02-14 01:47:59 -0800 (Sun, 14 Feb 2010)
New Revision: 4727

Modified:
   complete.html
   index
   source
Log:
[giow] (2) Require Referer: to be omitted for data: URLs and sandboxed iframes.
Fixing http://www.w3.org/Bugs/Public/show_bug.cgi?id=8869

Modified: complete.html
===================================================================
--- complete.html	2010-02-14 09:42:34 UTC (rev 4726)
+++ complete.html	2010-02-14 09:47:59 UTC (rev 4727)
@@ -5230,6 +5230,11 @@
     Request-URIs are obtained</i>.</p> <!-- RFC2616 says "The URI MUST
     NOT include a fragment." (section 14.36) -->
 
+    <p>If the <a href=#origin>origin</a> of the appropriate
+    <code>Document</code> is not a scheme/host/port tuple, then the
+    <code title=http-referer>Referer</code> (sic) header must be
+    omitted, regardless of its value.</p>
+
    </li>
 
    <li><p>Perform the remaining steps asynchronously.</li>

Modified: index
===================================================================
--- index	2010-02-14 09:42:34 UTC (rev 4726)
+++ index	2010-02-14 09:47:59 UTC (rev 4727)
@@ -5129,6 +5129,11 @@
     Request-URIs are obtained</i>.</p> <!-- RFC2616 says "The URI MUST
     NOT include a fragment." (section 14.36) -->
 
+    <p>If the <a href=#origin>origin</a> of the appropriate
+    <code>Document</code> is not a scheme/host/port tuple, then the
+    <code title=http-referer>Referer</code> (sic) header must be
+    omitted, regardless of its value.</p>
+
    </li>
 
    <li><p>Perform the remaining steps asynchronously.</li>

Modified: source
===================================================================
--- source	2010-02-14 09:42:34 UTC (rev 4726)
+++ source	2010-02-14 09:47:59 UTC (rev 4727)
@@ -4753,6 +4753,11 @@
     Request-URIs are obtained</i>.</p> <!-- RFC2616 says "The URI MUST
     NOT include a fragment." (section 14.36) -->
 
+    <p>If the <span>origin</span> of the appropriate
+    <code>Document</code> is not a scheme/host/port tuple, then the
+    <code title="http-referer">Referer</code> (sic) header must be
+    omitted, regardless of its value.</p>
+
    </li>
 
    <li><p>Perform the remaining steps asynchronously.</p></li>

More information about the Commit-Watchers mailing list