[html5] r4727 - [giow] (2) Require Referer: to be omitted for data: URLs and sandboxed iframes. [...]
whatwg at whatwg.org
whatwg at whatwg.org
Sun Feb 14 01:48:01 PST 2010
Author: ianh
Date: 2010-02-14 01:47:59 -0800 (Sun, 14 Feb 2010)
New Revision: 4727
Modified:
complete.html
index
source
Log:
[giow] (2) Require Referer: to be omitted for data: URLs and sandboxed iframes.
Fixing http://www.w3.org/Bugs/Public/show_bug.cgi?id=8869
Modified: complete.html
===================================================================
--- complete.html 2010-02-14 09:42:34 UTC (rev 4726)
+++ complete.html 2010-02-14 09:47:59 UTC (rev 4727)
@@ -5230,6 +5230,11 @@
Request-URIs are obtained</i>.</p> <!-- RFC2616 says "The URI MUST
NOT include a fragment." (section 14.36) -->
+ <p>If the <a href=#origin>origin</a> of the appropriate
+ <code>Document</code> is not a scheme/host/port tuple, then the
+ <code title=http-referer>Referer</code> (sic) header must be
+ omitted, regardless of its value.</p>
+
</li>
<li><p>Perform the remaining steps asynchronously.</li>
Modified: index
===================================================================
--- index 2010-02-14 09:42:34 UTC (rev 4726)
+++ index 2010-02-14 09:47:59 UTC (rev 4727)
@@ -5129,6 +5129,11 @@
Request-URIs are obtained</i>.</p> <!-- RFC2616 says "The URI MUST
NOT include a fragment." (section 14.36) -->
+ <p>If the <a href=#origin>origin</a> of the appropriate
+ <code>Document</code> is not a scheme/host/port tuple, then the
+ <code title=http-referer>Referer</code> (sic) header must be
+ omitted, regardless of its value.</p>
+
</li>
<li><p>Perform the remaining steps asynchronously.</li>
Modified: source
===================================================================
--- source 2010-02-14 09:42:34 UTC (rev 4726)
+++ source 2010-02-14 09:47:59 UTC (rev 4727)
@@ -4753,6 +4753,11 @@
Request-URIs are obtained</i>.</p> <!-- RFC2616 says "The URI MUST
NOT include a fragment." (section 14.36) -->
+ <p>If the <span>origin</span> of the appropriate
+ <code>Document</code> is not a scheme/host/port tuple, then the
+ <code title="http-referer">Referer</code> (sic) header must be
+ omitted, regardless of its value.</p>
+
</li>
<li><p>Perform the remaining steps asynchronously.</p></li>
More information about the Commit-Watchers
mailing list