diff --git a/index.src.html b/index.src.html index 59d5cfb..538527f 100644 --- a/index.src.html +++ b/index.src.html @@ -284,9 +284,9 @@
origin-only
"origin
"origin-only
" policy specifies that only the
+ The "origin
" policy specifies that only the
ASCII serialization of the
origin of the request client is sent as referrer information
when making both same-origin requests and cross-origin requests
@@ -298,12 +298,12 @@ https://example.com/
).
- Note: The "origin-only
" policy causes the origin of HTTPS
+ Note: The "origin
" policy causes the origin of HTTPS
referrers to be sent over the network as part of unencrypted HTTP requests.
https://example.com/page.html
sets a policy of
- "origin-only
", then navigations to any
+ "origin
", then navigations to any
origin would send a Referer
header with a value
of https://example.com/
, even to URLs that are not a
priori authenticated URLs.
@@ -579,7 +579,7 @@ no-referrer
",
"no-referrer-when-downgrade
",
- "origin-only
",
+ "origin
",
"origin-when-cross-origin
", or
"unsafe-url
",
abort these steps.
@@ -705,7 +705,7 @@ no-referrer
"no referrer
origin-only
"origin
"unsafe-url
"origin
", return "origin-only
".
+ string "origin
", return "origin
".
origin-only
" and
+ The referrer policies "origin
" and
"unsafe-url
" might leak the origin and the URL of
a secure site respectively via insecure transport.
@@ -875,7 +875,7 @@ no-referrer-when-downgrade
" will
not leak any information over insecure transport, and
- "origin-only
" will, the latter reveals less information
+ "origin
" will, the latter reveals less information
across cross-origin navigations.
On the other hand, allowing for setting less strict policies enables authors
@@ -896,10 +896,10 @@ unsafe-url
" policy. A site can specify
- an "origin-only
" policy followed by an
+ an "origin
" policy followed by an
"unsafe-url
" policy: older user agents will ignore the
unknown "unsafe-url
" value and use
- "origin-only
", while newer user agents will use
+ "origin
", while newer user agents will use
"unsafe-url
" because it is the last to be processed.