Set referrer policy better for <iframe srcdoc> documents

See w3c/webappsec-referrer-policy#31. Such documents should not inherit the referrer policy from their parent document. Instead, we should define the referrer policy for a browsing context environment settings object to crawl upward when it encounters iframe srcdoc documents, just like the referrer policy spec already does for referrers. (It turns out we never actually defined the referrer policy for browsing context environment settings objects previously; oops!) This affects the referrer policy used when making requests from inside an iframe srcdoc document. Closes w3c/webappsec-referrer-policy#31.
whatwg · Aug 11, 2016 · 5d7c532 · 5d7c532
1 parent eeaed87
commit 5d7c532
Showing 1 changed file with 20 additions and 6 deletions.
diff --git a/source b/source
@@ -28069,12 +28069,10 @@ interface <dfn>HTMLIFrameElement</dfn> : <span>HTMLElement</span> {
     <p><span>Navigate</span><!--DONAV iframe--> the element's <span>nested browsing context</span>
     to a new <span data-x="concept-response">response</span> whose <span
     data-x="concept-response-url-list">url list</span> consists of <code>about:srcdoc</code>, <span
-    data-x="concept-response-header-list">header list</span> consists of
-    `<code data-x="">Content-Type</code>`/`<code>text/html</code>` and `<code
-    data-x="http-referrer-policy">Referrer-Policy</code>`/the <code>iframe</code> element's
-    <span>node document</span>'s <span data-x="concept-document-referrer-policy">referrer
-    policy</span>, <span data-x="concept-response-body">body</span> is the value of the attribute,
-    <span data-x="concept-response-csp-list">CSP list</span> is the <span
+    data-x="concept-response-header-list">header list</span> consists of `<code
+    data-x="">Content-Type</code>`/`<code>text/html</code>, <span
+    data-x="concept-response-body">body</span> is the value of the attribute, <span
+    data-x="concept-response-csp-list">CSP list</span> is the <span
     data-x="concept-document-csp-list">CSP list</span> of the <code>iframe</code> element's <span>node
     document</span>, <span data-x="concept-response-https-state">HTTPS state</span> is the <span
     data-x="concept-document-https-state">HTTPS state</span> of the <code>iframe</code> element's
@@ -77836,6 +77834,22 @@ console.assert(iframeWindow.frameElement === null);
 
      </dd>
 
+     <dt>The <span>referrer policy</span></dt>
+     <dd>
+
+      <ol>
+       <li><p>Let <var>document</var> be the <code>Document</code> with which <var>window</var> is
+       currently associated.</p></li>
+
+       <li><p>While <var>document</var> is <span>an <code>iframe</code> <code
+       data-x="attr-iframe-srcdoc">srcdoc</code> document</span>, set <var>document</var> to
+       <var>document</var>'s <span data-x="concept-document-bc">browsing context</span>'s
+       <span>browsing context container</span>'s <span>node document</span>.</p></li>
+
+       <li><p>Return <var>document</var>'s <span data-x="concept-document-referrer-policy">referrer
+       policy</span>.</p></li>
+      </ol>
+
     </dl>
    </li>