Meta referrer: Difference between revisions

From WHATWG Wiki
Line 20: Line 20:


Replace Step 3 of ''Fetching resources'' in the HTML standard [HTML] with the following text:
Replace Step 3 of ''Fetching resources'' in the HTML standard [HTML] with the following text:
<blockquote>
<blockquote>
Let the ''referrer-header-value'' be the document's ''current address of document''.
Let the ''referrer-header-value'' be the document's ''current address of document''.
Line 28: Line 27:
If the ''origin'' of the appropriate Document is not a scheme/host/port tuple, then replace the ''referrer-header-value'' with the empty string, regardless of its value.
If the ''origin'' of the appropriate Document is not a scheme/host/port tuple, then replace the ''referrer-header-value'' with the empty string, regardless of its value.


If the ''referrer-policy'' is <code>never</code>:
* If the ''referrer-policy'' is <code>never</code>:
: Replace the ''referrer-header-value'' with the empty string, regardless of its value.


* Replace the ''referrer-header-value'' with the empty string, regardless of its value.
* If the ''referrer-policy'' is <code>default</code>:
: Replace the ''referrer-header-value'' with the empty string if the <scheme> component of the ''referrer-header-value'' represents a protocol that uses transport-layer security and the <scheme> component of the resource being fetched does not.


If the ''referrer-policy'' is <code>default</code>:
* If the ''referrer-policy'' is <code>origin</code>:
 
: Replace the ''referrer-header-value'' with the ''ASCII serialization'' [ORIGIN] of the ''origin' of the appropriate Document.
* Replace the ''referrer-header-value'' with the empty string if the <scheme> component of the ''referrer-header-value'' represents a protocol that uses transport-layer security and the <scheme> component of the ''


* If the ''referrer-policy'' is <code>always</code>:
: Do not alter the ''referrer-header-value''.  '''Warning! This might cause https referrers to be sent over the network as part of unencrypted HTTP requests.'''
</blockquote>


In Step 5 of ''Fetching resources'' in the HTML standard [HTML], replace the text "For the purposes of the Referer (sic) header, [...]" with the following text:
<blockquote>
For the purposes of the Referer (sic) header, use the ''referrer-header-value'' are generated in Step 3.
</blockquote>
</blockquote>
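Review bot: The origin list item, unlike the default item, has no check for a document whose scheme uses transport-layer security fetching a resource whose scheme does not, and only the always item carries a warning; either add the same condition to origin or extend the warning to say that an https origin can be sent in unencrypted HTTP requests under origin as well. Two smaller points in the same hunk: the italic markup in "''origin' of the appropriate Document" opens with two apostrophes and closes with one, so it should be closed as ''origin''; and in the Step 5 replacement text, "use the ''referrer-header-value'' are generated in Step 3" should drop "are".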



Revision as of 22:22, 25 October 2011

Overview

This document describes a proposal for the "referrer" metadata name. Using the referrer metadata attribute, a document can control the behavior of the Referer HTTP header attached to requests that originate from the document.

Specification

Syntax

Keyword: referrer

The referrer metadata attribute can have one of four values:

  • never
  • always
  • origin
  • default

Let referrer-policy be the value of the content attribute with LWS stripped from the beginning and end of the string and converted to lower case. If referrer-policy is none of the strings listed above, the user agent MUST act as if referrer-policy is the string default.

Semantics

Replace Step 3 of Fetching resources in the HTML standard [HTML] with the following text:

Let the referrer-header-value be the document's current address of document.

Remove any <fragment> component from the referrer-header-value.

If the origin of the appropriate Document is not a scheme/host/port tuple, then replace the referrer-header-value with the empty string, regardless of its value.

  • If the referrer-policy is never:
    Replace the referrer-header-value with the empty string, regardless of its value.
  • If the referrer-policy is default:
    Replace the referrer-header-value with the empty string if the <scheme> component of the referrer-header-value represents a protocol that uses transport-layer security and the <scheme> component of the resource being fetched does not.
  • If the referrer-policy is origin:
    Replace the referrer-header-value with the ASCII serialization [ORIGIN] of the origin of the appropriate Document.
  • If the referrer-policy is always:
    Do not alter the referrer-header-value. Warning! This might cause https referrers to be sent over the network as part of unencrypted HTTP requests.

In Step 5 of Fetching resources in the HTML standard [HTML], replace the text "For the purposes of the Referer (sic) header, [...]" with the following text:

For the purposes of the Referer (sic) header, use the referrer-header-value generated in Step 3.
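
The Syntax and Step 3 rules above, written out as an added example (not part of the proposal and not any user agent's code). The function names, the set of schemes counted as using transport-layer security, and the use of URL.origin === "null" to detect an origin that is not a scheme/host/port tuple are assumptions of this sketch.

```javascript
// Added example; names and scheme lists are assumptions, not part of the proposal.
const POLICIES = new Set(["never", "always", "origin", "default"]);
// Schemes counted as "uses transport-layer security" (assumed; the page lists none).
const TLS_SCHEMES = new Set(["https:", "wss:"]);

// Syntax section: strip LWS from both ends, lower-case, unknown values act as "default".
function parseReferrerPolicy(content) {
  const value = String(content).replace(/^[ \t\r\n]+|[ \t\r\n]+$/g, "").toLowerCase();
  return POLICIES.has(value) ? value : "default";
}

// Semantics section: compute the referrer-header-value for one fetch.
function referrerHeaderValue(documentUrl, targetUrl, content) {
  const policy = parseReferrerPolicy(content);
  const doc = new URL(documentUrl);
  const target = new URL(targetUrl);

  doc.hash = ""; // remove any <fragment> component
  // URL.origin is "null" when the origin is not a scheme/host/port tuple
  // (data:, file:, ...). This sketch treats the resulting empty string as final.
  if (doc.origin === "null") return "";

  switch (policy) {
    case "never":
      return "";
    case "origin":
      // As written on the page, this branch has no TLS check: an https
      // document's origin is still sent to an http resource.
      return doc.origin;
    case "always":
      return doc.href; // full URL, even from https to http
    default: {
      const downgrade = TLS_SCHEMES.has(doc.protocol) && !TLS_SCHEMES.has(target.protocol);
      return downgrade ? "" : doc.href;
    }
  }
}
```
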

Examples

This meta element instructs the user agent to omit the Referer header in all HTTP requests that originate from the document containing the element:

<meta name="referrer" content="never">

This meta element instructs the user agent to include the document's origin in the Referer header rather than the full URL of the document.

<meta name="referrer" content="origin">