Question in relation to Referrer-Policy header and its relation with link rel attribute #159

Closed
evilaliv3 opened this issue Nov 10, 2021 · 4 comments


evilaliv3 commented Nov 10, 2021

Hello,

I have a doubt about the Referrer-Policy header and its relation with the link rel attribute that I could not find described in any spec, and I would welcome your clarification.

Supposing 1: setting the rel property of an HTML link to the value noreferrer is equivalent to setting the same attribute to noreferrer noopener (because noreferrer implies noopener, as explicitly stated in the specs).

Supposing 2: setting the HTTP Referrer-Policy header to the value no-referrer is equivalent to setting the rel property of any HTML link served within the request to the value noopener (is this statement correct?)

Is it correct to expect that setting the HTTP Referrer-Policy header would obtain exactly the same result as setting the rel of any HTML link served within the request to the value noreferrer noopener?

Thank you!


hackademix commented Nov 10, 2021

> Supposing 2: setting the HTTP Referrer-Policy header to the value no-referrer is equivalent to setting the rel property of any HTML link served within the request to the value noopener (is this statement correct?)

No, it's not.

> Is it correct to expect that setting the HTTP Referrer-Policy header would obtain exactly the same result as setting the rel of any HTML link served within the request to the value noreferrer noopener?

No, it's not, because, as you said, no relationship between the HTTP Referrer-Policy header and the window.opener value in the target browsing context is stated anywhere by the specs.

However, depending on your use case, this might not be a big deal, since any link with target="_blank" defaults to noopener.

@evilaliv3
Author

Thank you so much, @hackademix.

I probably got confused in my first hypothesis (header set to no-referrer equals rel=noreferrer), but I understand from what you say that they are not related at all.

Member

annevk commented Nov 11, 2021

They are related in that rel=noreferrer takes precedence, but that's about it. You might want to look at Cross-Origin-Opener-Policy.

@annevk annevk closed this as completed Nov 11, 2021
@evilaliv3
Author

Thank you @annevk, this advice is really helpful. I just looked at your suggestion and we are going to immediately implement it.
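
Added example, not part of the thread and not code from the specs or any browser: a simplified JavaScript model of the behaviour described in the replies, run over a constructed page, showing that the Referrer-Policy header changes referrer handling but not opener exposure, while `rel` and Cross-Origin-Opener-Policy do. The names `auditLinks`, `SAMPLE_HTML`, `pageOrigin` and the `*.example` hosts are assumptions; only `Referrer-Policy: no-referrer` and `Cross-Origin-Opener-Policy: same-origin` are modelled.

```javascript
// Added illustration; auditLinks, SAMPLE_HTML and pageOrigin are hypothetical names.
// Constructed sample page: four cross-origin links.
const SAMPLE_HTML = `
<a href="https://other.example/a" target="_blank">default</a>
<a href="https://other.example/b" target="_blank" rel="opener">opts in</a>
<a href="https://other.example/c" target="_blank" rel="noreferrer">no referrer</a>
<a href="https://other.example/d" target="popup">named target</a>`;

// Read one double-quoted attribute from an opening tag.
function attr(tag, name) {
  const m = tag.match(new RegExp(`\\s${name}\\s*=\\s*"([^"]*)"`, "i"));
  return m ? m[1] : null;
}

// headers: response headers of the page holding the links, lowercase keys.
// Only the single values "no-referrer" and "same-origin" are modelled.
function auditLinks(html, pageOrigin, headers = {}) {
  const policy = (headers["referrer-policy"] || "").trim().toLowerCase();
  const coop = (headers["cross-origin-opener-policy"] || "").trim().toLowerCase();
  return (html.match(/<a\s[^>]*>/gi) || []).map((tag) => {
    const href = attr(tag, "href") || "";
    const rel = (attr(tag, "rel") || "").toLowerCase().split(/\s+/).filter(Boolean);
    const target = (attr(tag, "target") || "").toLowerCase();
    const newContext = target !== "" && !["_self", "_parent", "_top"].includes(target);
    const crossOrigin = new URL(href, pageOrigin).origin !== pageOrigin;
    // Referrer: rel=noreferrer or the no-referrer header each suppress it.
    const referrerSuppressed = rel.includes("noreferrer") || policy === "no-referrer";
    // Opener: decided by rel and target only; noreferrer implies noopener.
    let openerExposed = newContext && !rel.includes("noopener") && !rel.includes("noreferrer");
    // target="_blank" defaults to noopener unless rel=opener is present.
    if (target === "_blank" && !rel.includes("opener")) openerExposed = false;
    // COOP same-origin on this page cuts the opener link to cross-origin windows.
    if (coop === "same-origin" && crossOrigin) openerExposed = false;
    return { href, referrerSuppressed, openerExposed };
  });
}

const show = (label, headers) =>
  console.log(label, auditLinks(SAMPLE_HTML, "https://site.example", headers));
show("no headers", {});
show("Referrer-Policy", { "referrer-policy": "no-referrer" });
show("COOP", { "cross-origin-opener-policy": "same-origin" });
```

Links that still report `openerExposed: true` under the Referrer-Policy header alone (the `rel="opener"` link and the named-target link) are the ones to fix with `rel` or Cross-Origin-Opener-Policy.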
