Skip to content

Commit

Permalink
Do not repeat the referrer policies
Browse files Browse the repository at this point in the history 
Instead, simply delegate to the referrer policy spec. This makes it
easier to add new referrer policies without editing HTML.

Fixes #1656. See also
w3c/webappsec-referrer-policy#62.
  • Loading branch information
@domenic
domenic committed Aug 25, 2016
1 parent 6c777d8 commit 4c228d3
Showing 1 changed file with 28 additions and 109 deletions.
137 changes: 28 additions & 109 deletions source
View file
Expand Up @@ -2802,7 +2802,6 @@ a.setAttribute('href', 'http://example.com/'); // change the content attribute d
<ul class="brief">
<li><dfn data-noexport=""><code>about:blank</code></dfn>
<li><dfn data-x-href="https://fetch.spec.whatwg.org/#concept-https-state-value">HTTPS state value</dfn>
<li><dfn data-x-href="https://fetch.spec.whatwg.org/#concept-referrer-policy">referrer policy</dfn>
<li><dfn data-noexport="" data-x-href="https://fetch.spec.whatwg.org/#http-cors-protocol">CORS protocol</dfn>
<li><dfn data-noexport="" data-x="default-user-agent-value" data-x-href="https://fetch.spec.whatwg.org/#default-user-agent-value">default `<code>User-Agent</code>` value</dfn>
<li><dfn data-noexport="" data-x-href="https://fetch.spec.whatwg.org/#concept-header-extract-mime-type">extract a MIME type</dfn>
Expand Down Expand Up @@ -2863,16 +2862,8 @@ a.setAttribute('href', 'http://example.com/'); // change the content attribute d
<p>The following terms are defined in <cite>Referrer Policy</cite>: <ref spec=REFERRERPOLICY></p>

<ul class="brief">
<li><dfn data-x-href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy">referrer policy</dfn></li>
<li>The <dfn data-x="referrer-policy-token" data-x-href="https://w3c.github.io/webappsec-referrer-policy/#policy-token"><code>policy-token</code></dfn> production</li>
<li>The
<dfn data-x="referrerpolicy-no-referrer" data-x-href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">"<code>no-referrer</code>"</dfn>,
<dfn data-x="referrerpolicy-no-referrer-when-downgrade" data-x-href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">"<code>no-referrer-when-downgrade</code>"</dfn>,
<dfn data-x="referrerpolicy-same-origin" data-x-href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">"<code>same-origin</code>"</dfn>,
<dfn data-x="referrerpolicy-origin" data-x-href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">"<code>origin</code>"</dfn>,
<dfn data-x="referrerpolicy-strict-origin" data-x-href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">"<code>strict-origin</code>"</dfn>,
<dfn data-x="referrerpolicy-origin-when-cross-origin" data-x-href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">"<code>origin-when-cross-origin</code>"</dfn>,
<dfn data-x="referrerpolicy-strict-origin-when-cross-origin" data-x-href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">"<code>strict-origin-when-cross-origin</code>"</dfn>, and
<dfn data-x="referrerpolicy-unsafe-url" data-x-href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">"<code>unsafe-url</code>"</dfn> policies</li>
<li>The `<dfn data-x="http-referrer-policy" data-x-href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-header-dfn"><code>Referrer-Policy</code></dfn>` HTTP header</li>
<li>The <dfn data-x="parse-referrer-policy-header" data-x-href="https://w3c.github.io/webappsec-referrer-policy/#parse-referrer-policy-from-header">parse a referrer policy from a `<code>Referrer-Policy</code>` header</dfn> algorithm</li>
<li>The <dfn data-x="concept-determine-referrer-policy" data-x-href="https://w3c.github.io/webappsec-referrer-policy/#determine-policy-for-token">determine the referrer policy</dfn> algorithm</li>
Expand Down Expand Up @@ -7244,80 +7235,17 @@ a.setAttribute('href', 'http://example.com/'); // change the content attribute d
<h4>Referrer policy attributes</h4>

<p>A <dfn data-export="">referrer policy attribute</dfn> is an <span>enumerated attribute</span>.
The following table lists the keywords and states for the attribute &mdash; the keywords in the
left column map to the states in the cell in the second column on the same row as the keyword.
These states are all <span data-x="referrer policy">referrer policies</span>, and their impact on
the processing model of various <span data-x="concept-fetch">fetches</span> is defined in more
detail in the WHATWG Fetch standard and in <cite>Referrer Policy</cite>. <ref spec=FETCH> <ref
spec=REFERRERPOLICY></p>
Each <span>referrer policy</span>, including the empty string, is a keyword for this attribute,
mapping to a state of the same name.</p>

<table>
<thead>
<tr>
<th> Keyword
<th> State
<th> Brief description
<tbody>
<tr>
<td><dfn><code data-x="attr-referrerpolicy-no-referrer-keyword">no-referrer</code></dfn>
<td><span data-x="referrerpolicy-no-referrer">"<code>no-referrer</code>"</span>
<td><span data-x="concept-request">Requests</span> for the element will have no <span
data-x="concept-request-referrer">referrer</span> sent at all.
<tr>
<td><dfn><code data-x="attr-referrerpolicy-no-referrer-when-downgrade-keyword">no-referrer-when-downgrade</code></dfn>
<td><span data-x="referrerpolicy-no-referrer-when-downgrade">"<code>no-referrer-when-downgrade</code>"</span>
<td><span data-x="concept-request">Requests</span> for the element will send a full URL as
their <span data-x="concept-request-referrer">referrer</span> to destinations that are
<span data-x="a priori authenticated URL"><i>a priori</i> authenticated URLs</span>; otherwise,
no <span data-x="concept-request-referrer">referrer</span> will be sent.
<tr>
<td><dfn><code data-x="attr-referrerpolicy-same-origin-keyword">same-origin</code></dfn>
<td><span data-x="referrerpolicy-same-origin">"<code>same-origin</code>"</span>
<td><span data-x="concept-request">Requests</span> for the element will send a full URL as
their <span data-x="concept-request-referrer">referrer</span> to the same <span>origin</span>,
but no <span data-x="concept-request-referrer">referrer</span> will be sent for cross-origin
requests.
<tr>
<td><dfn><code data-x="attr-referrerpolicy-origin-keyword">origin</code></dfn>
<td><span data-x="referrerpolicy-origin">"<code>origin</code>"</span>
<td><span data-x="concept-request">Requests</span> for the element will only send an
<span>origin</span> as their <span data-x="concept-request-referrer">referrer</span>.
<tr>
<td><dfn><code data-x="attr-referrerpolicy-strict-origin-keyword">strict-origin</code></dfn>
<td><span data-x="referrerpolicy-strict-origin">"<code>strict-origin</code>"</span>
<td><span data-x="concept-request">Requests</span> for the element will only send an
<span>origin</span> as their <span data-x="concept-request-referrer">referrer</span>
to destinations that are <span data-x="a priori authenticated URL"><i>a priori</i>
authenticated URLs</span>; otherwise, no
<span data-x="concept-request-referrer">referrer</span> will be sent.
<tr>
<td><dfn><code data-x="attr-referrerpolicy-origin-when-cross-origin-keyword">origin-when-cross-origin</code></dfn>
<td><span data-x="referrerpolicy-origin-when-cross-origin">"<code>origin-when-cross-origin</code>"</span>
<td><span data-x="concept-request">Requests</span> for the element will send a full URL as
their <span data-x="concept-request-referrer">referrer</span> to the same <span>origin</span>,
but will only send an <span>origin</span> as their <span
data-x="concept-request-referrer">referrer</span> for cross-origin requests.
<tr>
<td><dfn><code data-x="attr-referrerpolicy-strict-origin-when-cross-origin-keyword">strict-origin-when-cross-origin</code></dfn>
<td><span data-x="referrerpolicy-strict-origin-when-cross-origin">"<code>strict-origin-when-cross-origin</code>"</span>
<td><span data-x="concept-request">Requests</span> for the element will send a full URL as
their <span data-x="concept-request-referrer">referrer</span> to the same <span>origin</span>,
only send an <span>origin</span> as
their <span data-x="concept-request-referrer">referrer</span> for cross-origin requests to
destinations that are <span data-x="a priori authenticated URL"><i>a priori</i> authenticated
URLs</span>; otherwise, no <span data-x="concept-request-referrer">referrer</span> will be
sent.
<tr>
<td><dfn><code data-x="attr-referrerpolicy-unsafe-url-keyword">unsafe-url</code></dfn>
<td><span data-x="referrerpolicy-unsafe-url">"<code>unsafe-url</code>"</span>
<td><span data-x="concept-request">Requests</span> for the element will send a full URL as
their <span data-x="concept-request-referrer">referrer</span> in all cases.
</table>

<p>An additional state is given by the empty string (which is also a valid <span>referrer
policy</span>). The attribute's <i data-x="invalid value default">invalid value default</i> and <i
<p>The attribute's <i data-x="invalid value default">invalid value default</i> and <i
data-x="missing value default">missing value default</i> are both the empty string state.</p>

<p>The impact of these states on the processing model of various <span
data-x="concept-fetch">fetches</span> is defined in more detail throughout this specification, in
the WHATWG Fetch standard, and in <cite>Referrer Policy</cite>. <ref spec=FETCH> <ref
spec=REFERRERPOLICY></p>

<div class="note">
<p>Several signals can contribute to which processing model is used for a given <span
data-x="concept-fetch">fetch</span>; a <span>referrer policy attribute</span> is only one of
Expand Down Expand Up @@ -13372,19 +13300,8 @@ interface <dfn>HTMLMetaElement</dfn> : <span>HTMLElement</span> {
<dt><dfn><code data-x="meta-referrer">referrer</code></dfn></dt>

<dd>
<p>The value must match the <code data-x="referrer-policy-token">policy-token</code> production,
defining a default <span>referrer policy</span> for the <code>Document</code>. <ref
spec="REFERRERPOLICY"></p>

<p>In particular, <span w-nodev>although they impact the processing model,</span> the legacy
values <code data-x="">never</code>, <code data-x="">default</code>, and <code
data-x="">always</code> must not be used by authors; instead, use <code
data-x="">no-referrer</code>, <code data-x="">no-referrer-when-downgrade</code>, and <code
data-x="">unsafe-url</code>, respectively.</p>

<p class="note">The valid values for the <code data-x="attr-meta-content">content</code>
attribute in this state match the keywords for <span data-x="referrer policy attribute">referrer
policy attributes</span>.</p>
<p>The value must be a <span>referrer policy</span>, which defines the default <span>referrer
policy</span> for the <code>Document</code>. <ref spec="REFERRERPOLICY"></p>

<div w-nodev>

Expand All @@ -13401,9 +13318,9 @@ interface <dfn>HTMLMetaElement</dfn> : <span>HTMLElement</span> {
meet the following criteria, in <span>tree order</span>:</p>

<ul class="brief">
<li>The element is <span>in a document tree</span>.</li>
<li>The element is <span>in a document tree</span></li>
<li>The element has a <code data-x="attr-meta-name">name</code> attribute, whose value is
<code data-x="meta-referrer">referrer</code>.</li>
<code data-x="meta-referrer">referrer</code></li>
<li>The element has a <code data-x="attr-meta-content">content</code> attribute</li>
<li>The element is a child of <span>the <code>head</code> element</span> of the document</li>
</ul>
Expand All @@ -13422,9 +13339,18 @@ interface <dfn>HTMLMetaElement</dfn> : <span>HTMLElement</span> {
<p>If <var>value</var> is not the empty string, then:</p>

<ol>
<li><p>Let <var>policy</var> be the result of <span
data-x="concept-determine-referrer-policy">determining the policy</span> for
<var>value</var>.</p></li>
<li>
<p>Let <var>policy</var> be the result of <span
data-x="concept-determine-referrer-policy">determining the policy</span> for
<var>value</var>.</p>

<p class="note">This step allows the legacy values <code data-x="">never</code>, <code
data-x="">default</code>, and <code data-x="">always</code> to take the place of the
standard referrer policies <code data-x="">no-referrer</code>, <code
data-x="">no-referrer-when-downgrade</code>, and <code data-x="">unsafe-url</code>,
respectively. Per the above conformance requirement, these legacy values must never be
used by authors, even though this step causes them to impact the processing model.</p>
</li>

<li><p>If <var>policy</var> is not the empty string, then set <var>element</var>'s
<span>node document</span>'s <span data-x="concept-document-referrer-policy">referrer
Expand Down Expand Up @@ -13472,9 +13398,9 @@ interface <dfn>HTMLMetaElement</dfn> : <span>HTMLElement</span> {
meet the following criteria, in <span>tree order</span>:</p>

<ul class="brief">
<li>The element is <span>in a document tree</span>.</li>
<li>The element is <span>in a document tree</span></li>
<li>The element has a <code data-x="attr-meta-name">name</code> attribute, whose value is
<code data-x="meta-theme-color">theme-color</code>.</li>
<code data-x="meta-theme-color">theme-color</code></li>
<li>The element has a <code data-x="attr-meta-content">content</code> attribute</li>
</ul>
</li>
Expand Down Expand Up @@ -117051,14 +116977,7 @@ interface <dfn>External</dfn> {
<code data-x="attr-img-referrerpolicy">img</code>;
<code data-x="attr-link-referrerpolicy">link</code>
<td> Determines the <span>referrer policy</span> for <span data-x="concept-fetch">fetches</span> initiated by the element
<td> "<code data-x="attr-referrerpolicy-no-referrer-keyword">no-referrer</code>";
"<code data-x="attr-referrerpolicy-no-referrer-when-downgrade-keyword">no-referrer-when-downgrade</code>";
"<code data-x="attr-referrerpolicy-same-origin-keyword">same-origin</code>";
"<code data-x="attr-referrerpolicy-origin-keyword">origin</code>";
"<code data-x="attr-referrerpolicy-strict-origin-keyword">strict-origin</code>";
"<code data-x="attr-referrerpolicy-origin-when-cross-origin-keyword">origin-when-cross-origin</code>";
"<code data-x="attr-referrerpolicy-strict-origin-when-cross-origin-keyword">strict-origin-when-cross-origin</code>";
"<code data-x="attr-referrerpolicy-unsafe-url-keyword">unsafe-url</code>"
<td> <span>Referrer policy</span>
<tr>
<th> <code data-x="">rel</code>
<td> <code data-x="attr-hyperlink-rel">a</code>;
Expand Down

0 comments on commit 4c228d3

Please sign in to comment.