From b3aec4d085cde783153ad412bf6d7f4fd5ab8e35 Mon Sep 17 00:00:00 2001 From: Brad Hill Date: Mon, 17 Oct 2016 17:43:16 -0700 Subject: [PATCH 1/5] algorithm for determining ancestorOrigin for a Location --- index.html | 2192 +++++++++++++++++++++++++++++++----------------- index.src.html | 99 +++ 2 files changed, 1528 insertions(+), 763 deletions(-) diff --git a/index.html b/index.html index 2823a66..05804f6 100644 --- a/index.html +++ b/index.html @@ -1,55 +1,319 @@ + Referrer Policy - - + + + + + -
-

+

Referrer Policy

-

Editor’s Draft,

+

Editor’s Draft,

This version:
https://w3c.github.io/webappsec-referrer-policy/ -
Latest version: +
Latest published version:
http://www.w3.org/TR/referrer-policy/
Version History:
https://github.com/w3c/webappsec-referrer-policy/commits/master/index.src.html @@ -1107,20 +1448,20 @@

-

Table of Contents

-
- -
+ +

1. Introduction

@@ -1227,53 +1569,53 @@

2. Key Concepts and Terminology

-
referrer policy +
referrer policy
- A referrer policy modifies the algorithm used to populate the Referer header when fetching subresources, + A referrer policy modifies the algorithm used to populate the Referer header when fetching subresources, prefetching, or performing navigations. This document defines the various - behaviors for each referrer policy. -

Every environment settings object has an algorithm for obtaining a referrer policy, which is used by default for all requests with that environment settings object as their request + behaviors for each referrer policy. +

Every environment settings object has an algorithm for obtaining a referrer policy, which is used by default for all requests with that environment settings object as their request client.

-
same-origin request +
same-origin request
A Request request is a same-origin request if request’s origin and the origin of request’s url are the same. -
cross-origin request -
A Request is a cross-origin request if it is not same-origin. +
cross-origin request +
A Request is a cross-origin request if it is not same-origin.

3. Referrer Policies

-

A referrer policy is the empty string, "no-referrer", +

A referrer policy is the empty string, "no-referrer", "no-referrer-when-downgrade", "same-origin", "origin", "strict-origin", "origin-when-cross-origin", "strict-origin-when-cross-origin", or "unsafe-url".

-
enum ReferrerPolicy {
-  "",
-  "no-referrer",
-  "no-referrer-when-downgrade",
-  "same-origin",
-  "origin",
-  "strict-origin",
-  "origin-when-cross-origin",
-  "strict-origin-when-cross-origin",
-  "unsafe-url"
+
enum ReferrerPolicy {
+  "",
+  "no-referrer",
+  "no-referrer-when-downgrade",
+  "same-origin",
+  "origin",
+  "strict-origin",
+  "origin-when-cross-origin",
+  "strict-origin-when-cross-origin",
+  "unsafe-url"
 };
 
-

Each possible referrer policy is explained below. A detailed +

Each possible referrer policy is explained below. A detailed algorithm for evaluating their effect is given in the §5 Integration with Fetch and §8 Algorithms sections.

Note: The referrer policy for an environment settings object provides a default baseline policy for requests when that environment settings object is used as a request client. This policy may be tightened for specific requests via mechanisms like the noreferrer link type.

-

3.1. "no-referrer"

-

The simplest policy is "no-referrer", which specifies +

3.1. "no-referrer"

+

The simplest policy is "no-referrer", which specifies that no referrer information is to be sent along with requests made from a particular request client to any origin. The header will be omitted entirely.

-
If a document at https://example.com/page.html sets a policy of "no-referrer", then navigations to https://example.com/ (or any other URL) would send no Referer header.
-

3.2. "no-referrer-when-downgrade"

-

The "no-referrer-when-downgrade" policy sends a full URL +

If a document at https://example.com/page.html sets a policy of "no-referrer", then navigations to https://example.com/ (or any other URL) would send no Referer header.
+

3.2. "no-referrer-when-downgrade"

+

The "no-referrer-when-downgrade" policy sends a full URL along with requests from a TLS-protected environment settings object to a a priori authenticated URL, and requests from request clients which are not TLS-protected to any origin.

Requests from TLS-protected request clients to non-a @@ -1281,36 +1623,36 @@

Referer HTTP header will not be sent.

- If a document at https://example.com/page.html sets a policy of "no-referrer-when-downgrade", then navigations to https://not.example.com/ would send a Referer HTTP header with a value of https://example.com/page.html, as neither resource’s origin is an + If a document at https://example.com/page.html sets a policy of "no-referrer-when-downgrade", then navigations to https://not.example.com/ would send a Referer HTTP header with a value of https://example.com/page.html, as neither resource’s origin is an non-a priori authenticated URL.

Navigations from that same page to http://not.example.com/ would send no Referer header.

This is a user agent’s default behavior, if no policy is otherwise specified.

-

3.3. "same-origin"

-

The "same-origin" policy specifies that a +

3.3. "same-origin"

+

The "same-origin" policy specifies that a full URL, stripped for use as a referrer, is sent as - referrer information when making same-origin requests from a particular request client.

-

Cross-origin requests, on the other hand, will contain no + referrer information when making same-origin requests from a particular request client.

+

Cross-origin requests, on the other hand, will contain no referrer information. A Referer HTTP header will not be sent.

- If a document at https://example.com/page.html sets a policy of "same-origin", then navigations to https://example.com/not-page.html would send a Referer header with a value of https://example.com/page.html. + If a document at https://example.com/page.html sets a policy of "same-origin", then navigations to https://example.com/not-page.html would send a Referer header with a value of https://example.com/page.html.

Navigations from that same page to https://not.example.com/ would send no Referer header.

-

3.4. "origin"

-

The "origin" policy specifies that only the ASCII serialization of the origin of the request client is sent as referrer information - when making both same-origin requests and cross-origin requests from a particular request client.

+

3.4. "origin"

+

The "origin" policy specifies that only the ASCII serialization of the origin of the request client is sent as referrer information + when making both same-origin requests and cross-origin requests from a particular request client.

Note: The serialization of an origin looks like https://example.com. To ensure that a valid URL is sent in the `Referer` header, user agents will append a U+002F SOLIDUS ("/") character to the origin (e.g. https://example.com/).

-

Note: The "origin" policy causes the origin of HTTPS +

Note: The "origin" policy causes the origin of HTTPS referrers to be sent over the network as part of unencrypted HTTP requests. - The "strict-origin" policy addresses this concern.

-
If a document at https://example.com/page.html sets a policy of "origin", then navigations to any origin would send a Referer header with a value + The "strict-origin" policy addresses this concern.

+
If a document at https://example.com/page.html sets a policy of "origin", then navigations to any origin would send a Referer header with a value of https://example.com/, even to URLs that are not a priori authenticated URLs.
-

3.5. "strict-origin"

-

The "strict-origin" policy sends the ASCII serialization of the origin of the request client when making requests:

+

3.5. "strict-origin"

+

The "strict-origin" policy sends the ASCII serialization of the origin of the request client when making requests:

Note: The policy’s name doesn’t lie; it is unsafe. This policy will leak origins and paths from TLS-protected resources to insecure origins. Carefully consider the impact of setting such a policy for potentially sensitive documents.

3.9. The empty string

-

The empty string "" corresponds to no referrer policy, causing a - fallback to a referrer policy defined elsewhere, or in the case where - no such higher-level policy is available, defaulting to "no-referrer-when-downgrade". This defaulting happens in +

The empty string "" corresponds to no referrer policy, causing a + fallback to a referrer policy defined elsewhere, or in the case where + no such higher-level policy is available, defaulting to "no-referrer-when-downgrade". This defaulting happens in the §8.3 Determine request’s Referrer algorithm.

-
Given a HTML a element without any declared referrerpolicy attribute, its referrer policy is the empty string. Thus, navigation +
Given a HTML a element without any declared referrerpolicy attribute, its referrer policy is the empty string. Thus, navigation requests initiated by clicking on that a element will be sent - with the referrer policy of the a element’s node document. If that Document has the empty string as its referrer policy, the §8.3 Determine request’s Referrer algorithm will treat the empty - string the same as "no-referrer-when-downgrade".
+ string the same as "no-referrer-when-downgrade".

4. Referrer Policy Delivery

@@ -1388,21 +1729,21 @@

  • Via the Referrer-Policy HTTP header (defined in §4.1 Delivery via Referrer-Policy header). -
  • Via a meta element with a name of referrer. +
  • Via a meta element with a name of referrer.
  • Via a referrerpolicy content attribute on an a, area, img, iframe, or link element.
  • Via the noreferrer link relation on an a, area, or link element.
  • Implicitly, via inheritance.

    4.1. Delivery via Referrer-Policy header

    -

    The Referrer-Policy HTTP +

    The Referrer-Policy HTTP header specifies the referrer policy that the user agent applies when determining what referrer information should be included with requests made, and with browsing contexts created from the context of the protected resource. The syntax for the name and value of the header are described by the following ABNF grammar:

    -
    "Referrer-Policy:" 1#policy-token
    +
    "Referrer-Policy:" 1#policy-token
     
    -
    policy-token   = "no-referrer" / "no-referrer-when-downgrade" / "strict-origin" / "strict-origin-when-cross-origin" / "same-origin" / "origin" / "origin-when-cross-origin" / "unsafe-url"
    +
    policy-token   = "no-referrer" / "no-referrer-when-downgrade" / "strict-origin" / "strict-origin-when-cross-origin" / "same-origin" / "origin" / "origin-when-cross-origin" / "unsafe-url"
     

    Note: The header name does not share the HTTP Referer header’s misspelling.

    §5 Integration with Fetch and §6 Integration with HTML describe @@ -1419,7 +1760,7 @@

    4.2. Delivery via meta

    This section is not normative.

    -

    The HTML Standard defines the referrer keyword for the meta element, which allows setting the referrer +

    The HTML Standard defines the referrer keyword for the meta element, which allows setting the referrer policy via markup.

  • @@ -1435,8 +1776,8 @@
    @@ -1452,7 +1793,7 @@

    6. Integration with HTML

    This section is not normative.

    -

    The HTML Standard determines the referrer policy of any response +

    The HTML Standard determines the referrer policy of any response received during navigation or while running a worker, and uses the result to set the resulting Document or WorkerGlobalScope's referrer policy. This is later used by the corresponding environment @@ -1470,10 +1811,10 @@

    Implementations should keep track of a referrer policy for each stylesheet that should be used to create requests for resources from the respective stylesheet.

    -

    For external stylesheets, the referrer policy should be "no-referrer-when-downgrade" unless overwritten by an +

    For external stylesheets, the referrer policy should be "no-referrer-when-downgrade" unless overwritten by an `Referrer-Policy` header.

    Note: If the stylesheet was loaded via a HTML link element with a - declared referrerpolicy, this referrer policy will not affect the + declared referrerpolicy, this referrer policy will not affect the requests for resources referenced from the stylesheet.

    For inline stylesheets, and styles applied via an style attribute on an element, the referrer policy is the containing Document's referrer policy. Both the value of the referrer and the value of the @@ -1481,13 +1822,13 @@

    8. Algorithms

    -

    8.1. Parse a referrer policy from a Referrer-Policy header

    -

    Given a Response response, the following steps return a referrer policy according to response’s `Referrer-Policy` header:

    +

    8.1. Parse a referrer policy from a Referrer-Policy header

    +

    Given a Response response, the following steps return a referrer policy according to response’s `Referrer-Policy` header:

    1. Let policy-tokens be the result of parsing `Referrer-Policy` in response’s header list.
    2. Let policy be the empty string.
    3. - For each token in policy-tokens, if token is a referrer + For each token in policy-tokens, if token is a referrer policy and token is not the empty string, then set policy to token.

      Note: This algorithm loops over multiple policy values to allow deployment of new policy values with fallbacks for older user @@ -1537,17 +1878,17 @@

      no-referrer", Fetch will not call into this algorithm.

    4. Let referrerURL be the result of stripping referrerSource for use as a referrer.
    5. Let referrerOrigin be the result of stripping referrerSource for use as a - referrer, with the origin-only flag set to true. + referrer, with the origin-only flag set to true.
    6. Execute the statements corresponding to the value of policy:
      -
      "no-referrer" +
      "no-referrer"
      Return no referrer -
      "origin" +
      "origin"
      Return referrerOrigin -
      "unsafe-url" +
      "unsafe-url"
      Return referrerURL. -
      "strict-origin" +
      "strict-origin"
      1. @@ -1559,10 +1900,10 @@

      2. Return referrerOrigin.
      -
      "strict-origin-when-cross-origin" +
      "strict-origin-when-cross-origin"
        -
      1. If request is a same-origin request, then +
      2. If request is a same-origin request, then return referrerURL.
      3. If environment is not null: @@ -1576,21 +1917,21 @@

      4. Return referrerOrigin.
      -
      "same-origin" +
      "same-origin"
        -
      1. If request is a same-origin request, then +
      2. If request is a same-origin request, then return referrerURL.
      3. Otherwise, return no referrer.
      -
      "origin-when-cross-origin" +
      "origin-when-cross-origin"
        -
      1. If request is a cross-origin request, then +
      2. If request is a cross-origin request, then return referrerOrigin.
      3. Otherwise, return referrerURL.
      -
      "no-referrer-when-downgrade" +
      "no-referrer-when-downgrade"
      1. @@ -1603,14 +1944,14 @@

        Return referrerURL.

      -

      Note: Fetch will ensure request’s referrer policy is not the +

      Note: Fetch will ensure request’s referrer policy is not the empty string before calling this algorithm.

    8.4. Strip url for use as a referrer

    Certain portions of URLs MUST not be included when sending a URL as the value of a `Referer` header: a URLs fragment, username, and password components should be stripped from the URL before it’s sent out. This - algorithm accepts a origin-only flag, which defaults + algorithm accepts a origin-only flag, which defaults to false. If set to true, the algorithm will additionally remove the URL’s path and query components, leaving only the scheme, host, and port.

    @@ -1622,7 +1963,7 @@

  • Set url’s password to null.
  • Set url’s fragment to null.
  • - If the origin-only flag is true, + If the origin-only flag is true, then:
    1. Set url’s path to null. @@ -1630,6 +1971,58 @@

  • Return url. +

    8.5. Determine the Ancestor Origin availble to a Location

    + Given a Location location and a browsing context context we can determine what origin information for context should be included in location’s ancestor origins array. +
      +
    1. Let document be context’s active document. +
    2. Let documentOrigin be document’s origin. +
    3. If documentOrigin is an opaque origin, return "null". +
    4. Let locationOrigin be location’s relevant Document’s origin. +
    5. Let policy be document’s referrer policy. +
    6. + Execute the statements corresponding to the value of policy: +
      +
      "no-referrer" +
      Return "null" +
      "origin" +
      Return documentOrigin. +
      "unsafe-url" +
      Return documentOrigin. +
      "strict-origin" +
      +
        +
      1. If context is TLS-protected and locationOrigin is not an a priori authenticated + URL, return "null". +
      2. Return documentOrigin +
      +
      "strict-origin-when-cross-origin" +
      +
        +
      1. If documentOrigin and locationOrigin are same origin, return documentOrigin. +
      2. If context is TLS-protected and locationOrigin is not an a priori authenticated + URL, return "null". +
      3. Return documentOrigin +
      +
      "same-origin" +
      +
        +
      1. If documentOrigin and locationOrigin are same origin, return documentOrigin. +
      2. Otherwise, return "null". +
      +
      "origin-when-cross-origin" +
      +
        +
      1. Return documentOrigin. +
      +
      "no-referrer-when-downgrade" +
      +
        +
      1. If context is TLS-protected and locationOrigin is not an a priori authenticated + URL, return "null". +
      2. Return documentOrigin +
      +
      +
  • 9. Privacy Considerations
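Review bot: the switch in step 6 of the new §8.5 has no branch for the empty string, but step 5 reads document's referrer policy directly and §3.9 in this same file says a Document's referrer policy can be the empty string, so a document with no declared policy falls off the end of the algorithm without returning anything; §8.3 only escapes this because Fetch resolves the empty string to "no-referrer-when-downgrade" before calling it (see the note following that algorithm). Add a step after step 5 such as 'If policy is the empty string, set policy to "no-referrer-when-downgrade".' Since index.html is generated from index.src.html, make the fix there and regenerate. Separately, the regenerated index.html carries 1528 insertions and 763 deletions, almost all unrelated markup churn (the whole head, the table of contents, the link markup in every section), which buries the one substantive hunk (§8.5); regenerating with the same toolchain as the current index.html, or committing the source change alone, would make the change reviewable.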

    @@ -1638,22 +2031,22 @@

    referrer policy on a page.

    + active referrer policy on a page.

    10. Security Considerations

    10.1. Information Leakage

    -

    The referrer policies "origin", "origin-when-cross-origin" and "unsafe-url" might leak the origin and the URL of +

    The referrer policies "origin", "origin-when-cross-origin" and "unsafe-url" might leak the origin and the URL of a secure site respectively via insecure transport.

    Those three policies are included in the spec nevertheless to lower the friction of sites adopting secure transport.

    Authors wanting to ensure that they do not leak any more information than - the default policy should instead use the policy states "same-origin", "strict-origin", "strict-origin-when-cross-origin" or "no-referrer".

    + the default policy should instead use the policy states "same-origin", "strict-origin", "strict-origin-when-cross-origin" or "no-referrer".

    10.2. Downgrade to less strict policies

    -

    The spec does not forbid downgrading to less strict policies, e.g., from "no-referrer" to "unsafe-url".

    +

    The spec does not forbid downgrading to less strict policies, e.g., from "no-referrer" to "unsafe-url".

    On the one hand, it is not clear which policy is more strict for all possible - pairs of policies: While "no-referrer-when-downgrade" will - not leak any information over insecure transport, and "origin" will, the latter reveals less information + pairs of policies: While "no-referrer-when-downgrade" will + not leak any information over insecure transport, and "origin" will, the latter reveals less information across cross-origin navigations.

    On the other hand, allowing for setting less strict policies enables authors to define safe fallbacks as described in §11.1 Unknown Policy Values.

    @@ -1666,9 +2059,9 @@

    Suppose older user agents don’t understand - the "unsafe-url" policy. A site can specify - an "origin" policy followed by an "unsafe-url" policy: older user agents will ignore the - unknown "unsafe-url" value and use "origin", while newer user agents will use "unsafe-url" because it is the last to be processed.
    + the "unsafe-url" policy. A site can specify + an "origin" policy followed by an "unsafe-url" policy: older user agents will ignore the + unknown "unsafe-url" value and use "origin", while newer user agents will use "unsafe-url" because it is the last to be processed.

    This behavior does not, however, apply to the referrerpolicy attribute. Authors may dynamically set and get the referrerpolicy attribute to detect whether a @@ -1682,22 +2075,22 @@

    Conformance

    Document conventions

    Conformance requirements are expressed with a combination of - descriptive assertions and RFC 2119 terminology. The key words "MUST", - "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", - "RECOMMENDED", "MAY", and "OPTIONAL" in the normative parts of this + descriptive assertions and RFC 2119 terminology. The key words “MUST”, + “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, + “RECOMMENDED”, “MAY”, and “OPTIONAL” in the normative parts of this document are to be interpreted as described in RFC 2119. However, for readability, these words do not appear in all uppercase letters in this specification.

    All of the text of this specification is normative except sections explicitly marked as non-normative, examples, and notes. [RFC2119]

    -

    Examples in this specification are introduced with the words "for example" +

    Examples in this specification are introduced with the words “for example” or are set apart from the normative text with class="example", like this:

    This is an example of an informative example.

    -

    Informative notes begin with the word "Note" and are set apart from the +

    Informative notes begin with the word “Note” and are set apart from the normative text with class="note", like this:

    Note, this is an informative note.

    Conformant Algorithms

    @@ -1710,31 +2103,81 @@

    -

    Index

    -

    Terms defined by this specification

    -
      + +

      Index

      +

      Terms defined by this specification

      + -

      Terms defined by reference

      -
        +

        Terms defined by reference

        + -

        References

        -

        Normative References

        +

        References

        +

        Normative References

        -
        [FETCH] +
        [FETCH]
        Anne van Kesteren. Fetch. Living Standard. URL: http://fetch.spec.whatwg.org/ -
        [HTML] +
        [HTML]
        Ian Hickson. HTML Standard. Living Standard. URL: https://html.spec.whatwg.org/multipage/ -
        [MIX] +
        [MIX]
        Mike West. Mixed Content. ED. URL: https://w3c.github.io/webappsec/specs/mixedcontent/ -
        [RFC6454] +
        [RFC2119] +
        S. Bradner. Key words for use in RFCs to Indicate Requirement Levels. March 1997. Best Current Practice. URL: https://tools.ietf.org/html/rfc2119 +
        [RFC6454]
        Adam Barth. The Web Origin Concept. RFC. URL: http://www.ietf.org/rfc/rfc6454.txt -
        [RFC7231] +
        [RFC7231]
        Roy T. Fielding; Julian F. Reschke. HTTP/1.1 Semantics and Content. RFC. URL: http://www.ietf.org/rfc/rfc7231.txt -
        [DOM-LS] -
        Document Object Model URL: https://dom.spec.whatwg.org/ -
        [RFC2119] -
        S. Bradner. Key words for use in RFCs to Indicate Requirement Levels. March 1997. Best Current Practice. URL: https://tools.ietf.org/html/rfc2119 -
        [URL] -
        Anne van Kesteren; Sam Ruby. URL. 9 December 2014. WD. URL: http://www.w3.org/TR/url-1/ -
        [WSC-UI] -
        Thomas Roessler; Anil Saldhana. Web Security Context: User Interface Guidelines. 12 August 2010. REC. URL: http://www.w3.org/TR/wsc-ui/ +
        [WHATWG-DOM] +
        Anne van Kesteren. DOM Standard. Living Standard. URL: https://dom.spec.whatwg.org/ +
        [WHATWG-URL] +
        Anne van Kesteren. URL Standard. Living Standard. URL: https://url.spec.whatwg.org/ +
        [WSC-UI] +
        Thomas Roessler; Anil Saldhana. Web Security Context: User Interface Guidelines. 12 August 2010. REC. URL: https://www.w3.org/TR/wsc-ui/
        -

        Informative References

        +

        Informative References

        -
        [CAPABILITY-URLS] +
        [CAPABILITY-URLS]
        Jenni Tennison. Capability URLs. WD. URL: http://www.w3.org/TR/capability-urls/
        -

        IDL Index

        -
        enum ReferrerPolicy {
        -  "",
        -  "no-referrer",
        -  "no-referrer-when-downgrade",
        -  "same-origin",
        -  "origin",
        -  "strict-origin",
        -  "origin-when-cross-origin",
        -  "strict-origin-when-cross-origin",
        -  "unsafe-url"
        +  

        IDL Index

        +
        enum ReferrerPolicy {
        +  "",
        +  "no-referrer",
        +  "no-referrer-when-downgrade",
        +  "same-origin",
        +  "origin",
        +  "strict-origin",
        +  "origin-when-cross-origin",
        +  "strict-origin-when-cross-origin",
        +  "unsafe-url"
         };
         
         
        - - \ No newline at end of file + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/index.src.html b/index.src.html index cfdb055..2258407 100644 --- a/index.src.html +++ b/index.src.html @@ -84,6 +84,8 @@

        Referrer Policy

        text: reflect text: limited to only known values text: referrer policy attribute + text: location + text: ancestor origins array; url: concept-location-ancestor-origins-array urlPrefix: webappapis.html text: queue a task text: task source @@ -958,6 +960,103 @@

        +

        + Determine the Ancestor Origin availble to a Location +

        + Given a Location location and a browsing context context + we can determine what origin information for context should be included in + location's ancestor origins array. + +
          +
        1. Let document be context's active document.
        2. +
        3. Let documentOrigin be document's origin.
        4. +
        5. If documentOrigin is an opaque origin, return "null". +
        6. Let locationOrigin be location's relevant Document's origin. +
        7. Let policy be document's referrer policy.
        8. +
        9. + Execute the statements corresponding to the value of policy: + +
          +
          "no-referrer"
          +
          Return "null"
          + +
          "origin"
          +
          Return documentOrigin.
          + +
          "unsafe-url"
          +
          Return documentOrigin.
          + +
          "strict-origin"
          +
          +
            +
          1. + If context is TLS-protected and + locationOrigin is not an a priori authenticated + URL, return "null". +
          2. +
          3. + Return documentOrigin +
          4. +
          +
          + +
          "strict-origin-when-cross-origin"
          +
          +
            +
          1. + If documentOrigin and locationOrigin + are same origin, return documentOrigin. +
          2. +
          3. + If context is TLS-protected and + locationOrigin is not an a priori authenticated + URL, return "null". +
          4. +
          5. + Return documentOrigin +
          6. +
          +
          + +
          "same-origin"
          +
          +
            +
          1. + If documentOrigin and locationOrigin + are same origin, return documentOrigin. +
          2. +
          3. + Otherwise, return "null". +
          4. +
          +
          + +
          "origin-when-cross-origin"
          +
          +
            +
          1. + Return documentOrigin. +
          2. +
          +
          + +
          "no-referrer-when-downgrade"
          +
          +
            +
          1. + If context is TLS-protected and + locationOrigin is not an a priori authenticated + URL, return "null". +
          2. +
          3. + Return documentOrigin +
          4. +
          +
          +
          +
        10. +
        +
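Review bot: in the "strict-origin", "strict-origin-when-cross-origin" and "no-referrer-when-downgrade" branches the condition "locationOrigin is not an a priori authenticated URL" applies a URL predicate to an origin: step 4 sets locationOrigin to location's relevant Document's origin, whereas §8.3 applies the same predicate to a request's URL. Either add "Let locationURL be location's relevant Document's URL" and test that, or state the condition in terms of the origin's scheme. In the same conditions, "context is TLS-protected" uses a term this document defines for environment settings objects (§3.2), not for browsing contexts; state it of document's environment settings object. Two smaller points: the "strict-origin" and "no-referrer-when-downgrade" branches are word-for-word identical and could share one case, and the heading typo "availble" (for "available") plus the missing terminating period after each "Return documentOrigin" are reproduced in the rendered index.html in this same patch.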
        From 415b7db817c50cda616b669864d5cd49b6df1f2a Mon Sep 17 00:00:00 2001 From: Brad Hill Date: Mon, 17 Oct 2016 17:43:16 -0700 Subject: [PATCH 2/5] algorithm for determining ancestorOrigin for a Location --- index.html | 2192 +++++++++++++++++++++++++++++++----------------- index.src.html | 99 +++ 2 files changed, 1528 insertions(+), 763 deletions(-) diff --git a/index.html b/index.html index 2823a66..05804f6 100644 --- a/index.html +++ b/index.html @@ -1,55 +1,319 @@ + Referrer Policy - - + + + + + -

        Cross-origin requests, on the other hand, will contain no referrer information. A Referer HTTP header will not be sent.

        - If a document at https://example.com/page.html sets a policy of "same-origin", then navigations to https://example.com/not-page.html would send a Referer header with a value of https://example.com/page.html. + If a document at https://example.com/page.html sets a policy of "same-origin", then navigations to https://example.com/not-page.html would send a Referer header with a value of https://example.com/page.html.

        Navigations from that same page to https://not.example.com/ would send no Referer header.

        -

        3.4. "origin"

        -

        The "origin" policy specifies that only the ASCII serialization of the origin of the request client is sent as referrer information - when making both same-origin requests and cross-origin requests from a particular request client.

        +

        3.4. "origin"

        +

        The "origin" policy specifies that only the ASCII serialization of the origin of the request client is sent as referrer information + when making both same-origin requests and cross-origin requests from a particular request client.

        Note: The serialization of an origin looks like https://example.com. To ensure that a valid URL is sent in the `Referer` header, user agents will append a U+002F SOLIDUS ("/") character to the origin (e.g. https://example.com/).

        -

        Note: The "origin" policy causes the origin of HTTPS +

        Note: The "origin" policy causes the origin of HTTPS referrers to be sent over the network as part of unencrypted HTTP requests. - The "strict-origin" policy addresses this concern.

        -
        If a document at https://example.com/page.html sets a policy of "origin", then navigations to any origin would send a Referer header with a value + The "strict-origin" policy addresses this concern.

        +
        If a document at https://example.com/page.html sets a policy of "origin", then navigations to any origin would send a Referer header with a value of https://example.com/, even to URLs that are not a priori authenticated URLs.
        -

        3.5. "strict-origin"

        -

        The "strict-origin" policy sends the ASCII serialization of the origin of the request client when making requests:

        +

        3.5. "strict-origin"

        +

        The "strict-origin" policy sends the ASCII serialization of the origin of the request client when making requests:

        Note: The policy’s name doesn’t lie; it is unsafe. This policy will leak origins and paths from TLS-protected resources to insecure origins. Carefully consider the impact of setting such a policy for potentially sensitive documents.

        3.9. The empty string

        -

        The empty string "" corresponds to no referrer policy, causing a - fallback to a referrer policy defined elsewhere, or in the case where - no such higher-level policy is available, defaulting to "no-referrer-when-downgrade". This defaulting happens in +

        The empty string "" corresponds to no referrer policy, causing a + fallback to a referrer policy defined elsewhere, or in the case where + no such higher-level policy is available, defaulting to "no-referrer-when-downgrade". This defaulting happens in the §8.3 Determine request’s Referrer algorithm.

        -
        Given a HTML a element without any declared referrerpolicy attribute, its referrer policy is the empty string. Thus, navigation +
        Given a HTML a element without any declared referrerpolicy attribute, its referrer policy is the empty string. Thus, navigation requests initiated by clicking on that a element will be sent - with the referrer policy of the a element’s node document. If that Document has the empty string as its referrer policy, the §8.3 Determine request’s Referrer algorithm will treat the empty - string the same as "no-referrer-when-downgrade".
        + string the same as "no-referrer-when-downgrade".

        4. Referrer Policy Delivery

        @@ -1388,21 +1729,21 @@

      • Via the Referrer-Policy HTTP header (defined in §4.1 Delivery via Referrer-Policy header). -
      • Via a meta element with a name of referrer. +
      • Via a meta element with a name of referrer.
      • Via a referrerpolicy content attribute on an a, area, img, iframe, or link element.
      • Via the noreferrer link relation on an a, area, or link element.
      • Implicitly, via inheritance.

      4.1. Delivery via Referrer-Policy header

      -

      The Referrer-Policy HTTP +

      The Referrer-Policy HTTP header specifies the referrer policy that the user agent applies when determining what referrer information should be included with requests made, and with browsing contexts created from the context of the protected resource. The syntax for the name and value of the header are described by the following ABNF grammar:

      -
      "Referrer-Policy:" 1#policy-token
      +
      "Referrer-Policy:" 1#policy-token
       
      -
      policy-token   = "no-referrer" / "no-referrer-when-downgrade" / "strict-origin" / "strict-origin-when-cross-origin" / "same-origin" / "origin" / "origin-when-cross-origin" / "unsafe-url"
      +
      policy-token   = "no-referrer" / "no-referrer-when-downgrade" / "strict-origin" / "strict-origin-when-cross-origin" / "same-origin" / "origin" / "origin-when-cross-origin" / "unsafe-url"
       

      Note: The header name does not share the HTTP Referer header’s misspelling.

      §5 Integration with Fetch and §6 Integration with HTML describe @@ -1419,7 +1760,7 @@

      4.2. Delivery via meta

      This section is not normative.

      -

      The HTML Standard defines the referrer keyword for the meta element, which allows setting the referrer +

      The HTML Standard defines the referrer keyword for the meta element, which allows setting the referrer policy via markup.

      @@ -1435,8 +1776,8 @@
      @@ -1452,7 +1793,7 @@

      6. Integration with HTML

      This section is not normative.

      -

      The HTML Standard determines the referrer policy of any response +

      The HTML Standard determines the referrer policy of any response received during navigation or while running a worker, and uses the result to set the resulting Document or WorkerGlobalScope's referrer policy. This is later used by the corresponding environment @@ -1470,10 +1811,10 @@

      Implementations should keep track of a referrer policy for each stylesheet that should be used to create requests for resources from the respective stylesheet.

      -

      For external stylesheets, the referrer policy should be "no-referrer-when-downgrade" unless overwritten by an +

      For external stylesheets, the referrer policy should be "no-referrer-when-downgrade" unless overwritten by an `Referrer-Policy` header.

      Note: If the stylesheet was loaded via a HTML link element with a - declared referrerpolicy, this referrer policy will not affect the + declared referrerpolicy, this referrer policy will not affect the requests for resources referenced from the stylesheet.

      For inline stylesheets, and styles applied via an style attribute on an element, the referrer policy is the containing Document's referrer policy. Both the value of the referrer and the value of the @@ -1481,13 +1822,13 @@

      8. Algorithms

      -

      8.1. Parse a referrer policy from a Referrer-Policy header

      -

      Given a Response response, the following steps return a referrer policy according to response’s `Referrer-Policy` header:

      +

      8.1. Parse a referrer policy from a Referrer-Policy header

      +

      Given a Response response, the following steps return a referrer policy according to response’s `Referrer-Policy` header:

      1. Let policy-tokens be the result of parsing `Referrer-Policy` in response’s header list.
      2. Let policy be the empty string.
      3. - For each token in policy-tokens, if token is a referrer + For each token in policy-tokens, if token is a referrer policy and token is not the empty string, then set policy to token.

        Note: This algorithm loops over multiple policy values to allow deployment of new policy values with fallbacks for older user @@ -1537,17 +1878,17 @@

        no-referrer", Fetch will not call into this algorithm.

      4. Let referrerURL be the result of stripping referrerSource for use as a referrer.
      5. Let referrerOrigin be the result of stripping referrerSource for use as a - referrer, with the origin-only flag set to true. + referrer, with the origin-only flag set to true.
      6. Execute the statements corresponding to the value of policy:
        -
        "no-referrer" +
        "no-referrer"
        Return no referrer -
        "origin" +
        "origin"
        Return referrerOrigin -
        "unsafe-url" +
        "unsafe-url"
        Return referrerURL. -
        "strict-origin" +
        "strict-origin"
        1. @@ -1559,10 +1900,10 @@

        2. Return referrerOrigin.
        -
        "strict-origin-when-cross-origin" +
        "strict-origin-when-cross-origin"
          -
        1. If request is a same-origin request, then +
        2. If request is a same-origin request, then return referrerURL.
        3. If environment is not null: @@ -1576,21 +1917,21 @@

        4. Return referrerOrigin.
        -
        "same-origin" +
        "same-origin"
          -
        1. If request is a same-origin request, then +
        2. If request is a same-origin request, then return referrerURL.
        3. Otherwise, return no referrer.
        -
        "origin-when-cross-origin" +
        "origin-when-cross-origin"
          -
        1. If request is a cross-origin request, then +
        2. If request is a cross-origin request, then return referrerOrigin.
        3. Otherwise, return referrerURL.
        -
        "no-referrer-when-downgrade" +
        "no-referrer-when-downgrade"
        1. @@ -1603,14 +1944,14 @@

          Return referrerURL.

        -

        Note: Fetch will ensure request’s referrer policy is not the +

        Note: Fetch will ensure request’s referrer policy is not the empty string before calling this algorithm.

      8.4. Strip url for use as a referrer

      Certain portions of URLs MUST not be included when sending a URL as the value of a `Referer` header: a URLs fragment, username, and password components should be stripped from the URL before it’s sent out. This - algorithm accepts a origin-only flag, which defaults + algorithm accepts a origin-only flag, which defaults to false. If set to true, the algorithm will additionally remove the URL’s path and query components, leaving only the scheme, host, and port.

      @@ -1622,7 +1963,7 @@

    • Set url’s password to null.
    • Set url’s fragment to null.
    • - If the origin-only flag is true, + If the origin-only flag is true, then:
      1. Set url’s path to null. @@ -1630,6 +1971,58 @@

    • Return url. +

      8.5. Determine the Ancestor Origin availble to a Location

      + Given a Location location and a browsing context context we can determine what origin information for context should be included in location’s ancestor origins array. +
        +
      1. Let document be context’s active document. +
      2. Let documentOrigin be document’s origin. +
      3. If documentOrigin is an opaque origin, return "null". +
      4. Let locationOrigin be location’s relevant Document’s origin. +
      5. Let policy be document’s referrer policy. +
      6. + Execute the statements corresponding to the value of policy: +
        +
        "no-referrer" +
        Return "null" +
        "origin" +
        Return documentOrigin. +
        "unsafe-url" +
        Return documentOrigin. +
        "strict-origin" +
        +
          +
        1. If context is TLS-protected and locationOrigin is not an a priori authenticated + URL, return "null". +
        2. Return documentOrigin +
        +
        "strict-origin-when-cross-origin" +
        +
          +
        1. If documentOrigin and locationOrigin are same origin, return documentOrigin. +
        2. If context is TLS-protected and locationOrigin is not an a priori authenticated + URL, return "null". +
        3. Return documentOrigin +
        +
        "same-origin" +
        +
          +
        1. If documentOrigin and locationOrigin are same origin, return documentOrigin. +
        2. Otherwise, return "null". +
        +
        "origin-when-cross-origin" +
        +
          +
        1. Return documentOrigin. +
        +
        "no-referrer-when-downgrade" +
        +
          +
        1. If context is TLS-protected and locationOrigin is not an a priori authenticated + URL, return "null". +
        2. Return documentOrigin +
        +
        +
    • 9. Privacy Considerations
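Review bot: step 6 has no branch for the empty-string policy, so a Document whose referrer policy is "" (the state §3.9 describes for any Document that never set one) falls through the switch with no return value; §8.3 gets away with this only because, per its note, Fetch guarantees the policy is non-empty before calling it, and nothing guards this entry point, so add a step that treats "" as "no-referrer-when-downgrade" before the switch. Two smaller points in the same hunk: the "strict-origin", "strict-origin-when-cross-origin" and "no-referrer-when-downgrade" branches test "locationOrigin is not an a priori authenticated URL", but locationOrigin is an origin (step 4) and "a priori authenticated URL" is a predicate on URLs, so define a locationURL (location's relevant Document's URL) and test that instead; and the return value is sometimes the literal string "null" and sometimes the origin object documentOrigin, so return a serialization of documentOrigin and the caller gets a string uniformly. Also "availble" in the heading.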

      @@ -1638,22 +2031,22 @@

      referrer policy on a page.

      + active referrer policy on a page.

      10. Security Considerations

      10.1. Information Leakage

      -

      The referrer policies "origin", "origin-when-cross-origin" and "unsafe-url" might leak the origin and the URL of +

      The referrer policies "origin", "origin-when-cross-origin" and "unsafe-url" might leak the origin and the URL of a secure site respectively via insecure transport.

      Those three policies are included in the spec nevertheless to lower the friction of sites adopting secure transport.

      Authors wanting to ensure that they do not leak any more information than - the default policy should instead use the policy states "same-origin", "strict-origin", "strict-origin-when-cross-origin" or "no-referrer".

      + the default policy should instead use the policy states "same-origin", "strict-origin", "strict-origin-when-cross-origin" or "no-referrer".

      10.2. Downgrade to less strict policies

      -

      The spec does not forbid downgrading to less strict policies, e.g., from "no-referrer" to "unsafe-url".

      +

      The spec does not forbid downgrading to less strict policies, e.g., from "no-referrer" to "unsafe-url".

      On the one hand, it is not clear which policy is more strict for all possible - pairs of policies: While "no-referrer-when-downgrade" will - not leak any information over insecure transport, and "origin" will, the latter reveals less information + pairs of policies: While "no-referrer-when-downgrade" will + not leak any information over insecure transport, and "origin" will, the latter reveals less information across cross-origin navigations.

      On the other hand, allowing for setting less strict policies enables authors to define safe fallbacks as described in §11.1 Unknown Policy Values.

      @@ -1666,9 +2059,9 @@

      Suppose older user agents don’t understand - the "unsafe-url" policy. A site can specify - an "origin" policy followed by an "unsafe-url" policy: older user agents will ignore the - unknown "unsafe-url" value and use "origin", while newer user agents will use "unsafe-url" because it is the last to be processed.
      + the "unsafe-url" policy. A site can specify + an "origin" policy followed by an "unsafe-url" policy: older user agents will ignore the + unknown "unsafe-url" value and use "origin", while newer user agents will use "unsafe-url" because it is the last to be processed.

      This behavior does not, however, apply to the referrerpolicy attribute. Authors may dynamically set and get the referrerpolicy attribute to detect whether a @@ -1682,22 +2075,22 @@

      Conformance

      Document conventions

      Conformance requirements are expressed with a combination of - descriptive assertions and RFC 2119 terminology. The key words "MUST", - "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", - "RECOMMENDED", "MAY", and "OPTIONAL" in the normative parts of this + descriptive assertions and RFC 2119 terminology. The key words “MUST”, + “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, + “RECOMMENDED”, “MAY”, and “OPTIONAL” in the normative parts of this document are to be interpreted as described in RFC 2119. However, for readability, these words do not appear in all uppercase letters in this specification.

      All of the text of this specification is normative except sections explicitly marked as non-normative, examples, and notes. [RFC2119]

      -

      Examples in this specification are introduced with the words "for example" +

      Examples in this specification are introduced with the words “for example” or are set apart from the normative text with class="example", like this:

      This is an example of an informative example.

      -

      Informative notes begin with the word "Note" and are set apart from the +

      Informative notes begin with the word “Note” and are set apart from the normative text with class="note", like this:

      Note, this is an informative note.

      Conformant Algorithms

      @@ -1710,31 +2103,81 @@

      -

      Index

      -

      Terms defined by this specification

      -

      From 8773d6eced1018852f816285d580a1e6447a6a54 Mon Sep 17 00:00:00 2001 From: Brad Hill Date: Tue, 18 Oct 2016 10:33:02 -0700 Subject: [PATCH 3/5] unicode serialize origins so return value is uniformly a string --- index.html | 16 ++++++++-------- index.src.html | 19 +++++++++++-------- 2 files changed, 19 insertions(+), 16 deletions(-) diff --git a/index.html b/index.html index 05804f6..97f4fff 100644 --- a/index.html +++ b/index.html @@ -1985,41 +1985,41 @@

      "no-referrer"
      Return "null"
      "origin" -
      Return documentOrigin. +
      Return the Unicode serialization of documentOrigin.
      "unsafe-url" -
      Return documentOrigin. +
      Return the Unicode serialization of documentOrigin.
      "strict-origin"
      1. If context is TLS-protected and locationOrigin is not an a priori authenticated URL, return "null". -
      2. Return documentOrigin +
      3. Return the Unicode serialization of documentOrigin
      "strict-origin-when-cross-origin"
        -
      1. If documentOrigin and locationOrigin are same origin, return documentOrigin. +
      2. If documentOrigin and locationOrigin are same origin, return the Unicode serialization of documentOrigin.
      3. If context is TLS-protected and locationOrigin is not an a priori authenticated URL, return "null". -
      4. Return documentOrigin +
      5. Return the Unicode serialization of documentOrigin
      "same-origin"
        -
      1. If documentOrigin and locationOrigin are same origin, return documentOrigin. +
      2. If documentOrigin and locationOrigin are same origin, return the Unicode serialization of documentOrigin.
      3. Otherwise, return "null".
      "origin-when-cross-origin"
        -
      1. Return documentOrigin. +
      2. Return the Unicode serialization of documentOrigin.
      "no-referrer-when-downgrade"
      1. If context is TLS-protected and locationOrigin is not an a priori authenticated URL, return "null". -
      2. Return documentOrigin +
      3. Return the Unicode serialization of documentOrigin
      diff --git a/index.src.html b/index.src.html index 8f72a57..dc512b4 100644 --- a/index.src.html +++ b/index.src.html @@ -66,6 +66,7 @@
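Review bot: every branch now returns the Unicode serialization of documentOrigin, which fixes the mixed return type, but the three downgrade checks in this hunk still read "locationOrigin is not an a priori authenticated URL"; locationOrigin is an origin, not a URL, so the test is ill-typed and should be against location's relevant Document's URL (a locationURL). A one-line note on why this algorithm uses the Unicode serialization while §3.4, §3.5 and §8.3 send the ASCII serialization of the origin in the `Referer` header would also stop readers from taking the difference for a mistake.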

      Referrer Policy

      text: sandboxed origin browsing context flag text: sandboxing flag set text: top-level browsing context + text: unicode serialization url: unicode-serialisation-of-an-origin urlPrefix: infrastructure.html text: ascii case-insensitive match; url: ascii-case-insensitive text: fragment; url: concept-url-fragment @@ -981,10 +982,10 @@
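Review bot: the added anchor line `text: unicode serialization url: unicode-serialisation-of-an-origin` is missing the `;` between the `text:` and `url:` fields; the neighbouring entries in this block are written `text: …; url: …` (e.g. `text: ascii case-insensitive match; url: ascii-case-insensitive`), and without the separator the url is not picked up as its own field, so the autolink for "Unicode serialization" that 8.5 now relies on will not resolve. Change it to `text: unicode serialization; url: unicode-serialisation-of-an-origin`.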

      Return "null"
      "origin"
      -
      Return documentOrigin.
      +
      Return the Unicode serialization of documentOrigin.
      "unsafe-url"
      -
      Return documentOrigin.
      +
      Return the Unicode serialization of documentOrigin.
      "strict-origin"
      @@ -995,7 +996,7 @@

      URL, return "null".
    • - Return documentOrigin + Return the Unicode serialization of documentOrigin
    • @@ -1005,7 +1006,8 @@

      1. If documentOrigin and locationOrigin - are same origin, return documentOrigin. + are same origin, return the Unicode serialization of + documentOrigin.
      2. If context is TLS-protected and @@ -1013,7 +1015,7 @@

        URL, return "null".

      3. - Return documentOrigin + Return the Unicode serialization of documentOrigin

      @@ -1023,7 +1025,8 @@

      1. If documentOrigin and locationOrigin - are same origin, return documentOrigin. + are same origin, return the Unicode serialization of + documentOrigin.
      2. Otherwise, return "null". @@ -1035,7 +1038,7 @@

        1. - Return documentOrigin. + Return the Unicode serialization of documentOrigin.
        @@ -1049,7 +1052,7 @@

        URL, return "null".

      3. - Return documentOrigin + Return the Unicode serialization of documentOrigin
      From 780c31bb58ae3c16956b7bf4cdebea5cb1fbecf7 Mon Sep 17 00:00:00 2001 From: Brad Hill Date: Tue, 18 Oct 2016 14:22:41 -0700 Subject: [PATCH 4/5] remove ancestor origins refs --- index.html | 36 ++++++++++++++++++------------------ index.src.html | 13 +++++-------- 2 files changed, 23 insertions(+), 26 deletions(-) diff --git a/index.html b/index.html index 97f4fff..c7b54dc 100644 --- a/index.html +++ b/index.html @@ -1495,7 +1495,7 @@

      Table of Contents

    • 8.2 Set request’s referrer policy on redirect
    • 8.3 Determine request’s Referrer
    • 8.4 Strip url for use as a referrer -
    • 8.5 Determine the Ancestor Origin availble to a Location +
    • 8.5 Determine the origin serialization available to a Location
    • 9 Privacy Considerations @@ -1971,14 +1971,15 @@

    • Return url. -

      8.5. Determine the Ancestor Origin availble to a Location

      - Given a Location location and a browsing context context we can determine what origin information for context should be included in location’s ancestor origins array. +

      8.5. Determine the origin serialization available to a Location

      + Given a Location location and a browsing context context, + determine what serialized origin context’s referrer policy allows exposing to location.
      1. Let document be context’s active document.
      2. Let documentOrigin be document’s origin.
      3. If documentOrigin is an opaque origin, return "null".
      4. Let locationOrigin be location’s relevant Document’s origin. -
      5. Let policy be document’s referrer policy. +
      6. Let policy be document’s referrer policy.
      7. Execute the statements corresponding to the value of policy:
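Review bot: with the ancestor origins array wording removed, the introduction no longer says which HTML algorithm or Location member consumes the result, so "determine what serialized origin context's referrer policy allows exposing to location" reads as an orphan definition; name the caller, or add a note saying where HTML is expected to invoke this, so implementers know when the policy check applies. The rename in the title should also be called out in the commit description, which currently only mentions removing references.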
        @@ -2031,12 +2032,12 @@

        referrer policy on a page.

        + active referrer policy on a page.

    • 10. Security Considerations

      10.1. Information Leakage

      -

      The referrer policies "origin", "origin-when-cross-origin" and "unsafe-url" might leak the origin and the URL of +

      The referrer policies "origin", "origin-when-cross-origin" and "unsafe-url" might leak the origin and the URL of a secure site respectively via insecure transport.

      Those three policies are included in the spec nevertheless to lower the friction of sites adopting secure transport.

      @@ -2198,7 +2199,6 @@

      a
    • active document
    • an iframe srcdoc document -
    • ancestor origins array
    • associated document
    • browsing context
    • browsing context container @@ -2355,9 +2355,9 @@

      I
    • 8.3. Determine request’s Referrer
    • 8.5. - Determine the Ancestor Origin availble to a Location -
    • 9.1. User Controls -
    • 10.1. Information Leakage + Determine the origin serialization available to a Location (2) +
    • 9.1. User Controls +
    • 10.1. Information Leakage
    @@ -2392,7 +2392,7 @@

    I
  • 8.3. Determine request’s Referrer
  • 8.5. - Determine the Ancestor Origin availble to a Location + Determine the origin serialization available to a Location
  • 10.1. Information Leakage @@ -2403,7 +2403,7 @@

    I
  • 8.3. Determine request’s Referrer
  • 8.5. - Determine the Ancestor Origin availble to a Location + Determine the origin serialization available to a Location
  • 10.1. Information Leakage
  • 10.2. Downgrade to less strict policies
  • 11.1. Unknown Policy Values (2) @@ -2417,7 +2417,7 @@

    I
  • 8.3. Determine request’s Referrer
  • 8.5. - Determine the Ancestor Origin availble to a Location + Determine the origin serialization available to a Location
  • 10.1. Information Leakage @@ -2428,7 +2428,7 @@

    I
  • 8.3. Determine request’s Referrer
  • 8.5. - Determine the Ancestor Origin availble to a Location + Determine the origin serialization available to a Location
  • 10.1. Information Leakage @@ -2440,7 +2440,7 @@

    I
  • 8.3. Determine request’s Referrer
  • 8.5. - Determine the Ancestor Origin availble to a Location + Determine the origin serialization available to a Location
  • 10.1. Information Leakage @@ -2451,7 +2451,7 @@

    I
  • 8.3. Determine request’s Referrer
  • 8.5. - Determine the Ancestor Origin availble to a Location + Determine the origin serialization available to a Location
  • 10.1. Information Leakage
  • 10.2. Downgrade to less strict policies
  • 11.1. Unknown Policy Values (2) (3) (4) diff --git a/index.src.html b/index.src.html index dc512b4..95ed809 100644 --- a/index.src.html +++ b/index.src.html @@ -54,7 +54,6 @@

    Referrer Policy

    text: browsing context text: browsing context; for: Document; url: concept-document-bc text: parent browsing context - text: ancestor browsing context text: browsing context container text: child browsing context text: creating a new Document object @@ -66,7 +65,6 @@

    Referrer Policy

    text: sandboxed origin browsing context flag text: sandboxing flag set text: top-level browsing context - text: unicode serialization url: unicode-serialisation-of-an-origin urlPrefix: infrastructure.html text: ascii case-insensitive match; url: ascii-case-insensitive text: fragment; url: concept-url-fragment @@ -86,7 +84,6 @@
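Review bot: this hunk drops the `text: unicode serialization url: unicode-serialisation-of-an-origin` anchor together with the ancestor-origin entries, but 8.5 still says "Return the Unicode serialization of documentOrigin" in every branch, so the autolink for "Unicode serialization" has nothing left to resolve against. Keep that anchor (the ancestor origins array and ancestor browsing context entries are the ones this commit is about), and while touching it add the missing `;`: `text: unicode serialization; url: unicode-serialisation-of-an-origin`.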

    Referrer Policy

    text: limited to only known values text: referrer policy attribute text: location - text: ancestor origins array; url: concept-location-ancestor-origins-array urlPrefix: webappapis.html text: queue a task text: task source @@ -961,12 +958,12 @@

  • -

    - Determine the Ancestor Origin availble to a Location +

    + Determine the origin serialization available to a Location

    - Given a Location location and a browsing context context - we can determine what origin information for context should be included in - location's ancestor origins array. + Given a Location location and a browsing context context, + determine what serialized origin context's referrer policy + allows exposing to location.
    1. Let document be context's active document.
    2. From 0544f17a6e8669660d409d908e9d8b0446b71f6b Mon Sep 17 00:00:00 2001 From: Brad Hill Date: Tue, 18 Oct 2016 14:39:36 -0700 Subject: [PATCH 5/5] exterminate all tabs from document --- index.html | 8 ++++---- index.src.html | 22 +++++++++++----------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/index.html b/index.html index f03bbe8..ab50a90 100644 --- a/index.html +++ b/index.html @@ -1826,8 +1826,8 @@

    8.2. Set request’s referrer policy on redirect

    @@ -1989,7 +1989,7 @@

    1. If context is TLS-protected and locationURL is not a potentially trustworthy URL, - return "null". + return "null".
    2. Return the Unicode serialization of documentOrigin
    "strict-origin-when-cross-origin" @@ -1997,7 +1997,7 @@

  • If documentOrigin and locationOrigin are same origin, return the Unicode serialization of documentOrigin.
  • If context is TLS-protected and locationURL is not a potentially trustworthy URL, - return "null". + return "null".
  • Return the Unicode serialization of documentOrigin
    "same-origin" diff --git a/index.src.html b/index.src.html index 01aa0ad..2beb018 100644 --- a/index.src.html +++ b/index.src.html @@ -65,7 +65,7 @@

    Referrer Policy

    text: sandboxed origin browsing context flag text: sandboxing flag set text: top-level browsing context - text: unicode serialization; url: unicode-serialisation-of-an-origin + text: unicode serialization; url: unicode-serialisation-of-an-origin urlPrefix: infrastructure.html text: ascii case-insensitive match; url: ascii-case-insensitive text: fragment; url: concept-url-fragment @@ -450,7 +450,7 @@

    "stric Requests from TLS-protected request clients to non- - potentially trustworthy URLs, on the other hand, will contain no + potentially trustworthy URLs, on the other hand, will contain no referrer information. A Referer HTTP header will not be sent. @@ -705,9 +705,9 @@

    policy and |token| is not the empty string, then set |policy| to |token|. - Note: This algorithm loops over multiple policy values to allow - deployment of new policy values with fallbacks for older user - agents, as described in [[#unknown-policy-values]]. + Note: This algorithm loops over multiple policy values to allow + deployment of new policy values with fallbacks for older user + agents, as described in [[#unknown-policy-values]].

  • Return |policy|. @@ -964,7 +964,7 @@

    Given a Location location and a browsing context context, determine what serialized origin context's referrer policy - allows exposing to location. + allows exposing to location.
    1. Let document be context's active document.
    2. @@ -992,7 +992,7 @@

    3. If context is TLS-protected and locationURL is not a potentially trustworthy URL, - return "null". + return "null".
    4. Return the Unicode serialization of documentOrigin @@ -1006,12 +1006,12 @@

    5. If documentOrigin and locationOrigin are same origin, return the Unicode serialization of - documentOrigin. + documentOrigin.
    6. If context is TLS-protected and locationURL is not a potentially trustworthy URL, - return "null". + return "null".
    7. Return the Unicode serialization of documentOrigin @@ -1025,7 +1025,7 @@

    8. If documentOrigin and locationOrigin are same origin, return the Unicode serialization of - documentOrigin. + documentOrigin.
    9. Otherwise, return "null". @@ -1119,7 +1119,7 @@

      Unknown Policy Values

      it possible to deploy new policy values.
      - Suppose older user agents don't understand + Suppose older user agents don't understand the "unsafe-url" policy. A site can specify an "origin" policy followed by an "unsafe-url" policy: older user agents will ignore the