On Thu, Jan 26, 2012 at 1:46 AM, David Bruant <[email protected]> wrote: > Le 26/01/2012 10:35, Boris Zbarsky a écrit : >> On 1/26/12 9:12 AM, Adam Barth wrote: >>>> >>>> Should the speculative parser have knowledge of<meta name=referrer>? >>> >>> That's not what's currently specified. Like many other browser >>> features, this feature lets web sites detect that the browser is >>> speculatively prefetching resources. If that's a big issue, it's >>> something we can try to address. >> >> It seems like a bigger problem is that if speculative prefetches don't >> know about this <meta> then they will leak the referrer, which is something >> the site did NOT want to happen. > > A radically different approach that websites could take to express not > wanting the referrer to be sent on requests for a given page would be > sending a specific HTTP header in the response. This way, the user agent > would know what the intention is before having to read any <meta> header and > could do the prefetches without sending the referrer.
Indeed. I plan to propose this as a directive for CSP 1.1. Adam
