Grant
> Isn't the solution to add that option to the OSM layer in https://github.com/openstreetmap/leaflet-osm/? I don't think hard coding something based on the host here is reasonable... I'll also PR...
> @Firefishy I'm going over https://developer.mozilla.org/en-US/docs/Web/API/HTMLImageElement/referrerPolicy and https://w3c.github.io/webappsec-referrer-policy/#referrer-policy , and according to those, all browsers should be already using a default value of `strict-origin-when-cross-origin`. So for the default use case...
@Falke-Design The alternative acceptable? - Updating all leaflet examples that use OpenStreetMap to include explicitly setting `referrerPolicy`?
I am part of the OpenStreetMap sysadmin team. We **are** going to enforce the `referer` requirement per our https://operations.osmfoundation.org/policies/tiles/ Yes, there other libraries, but leaflet is the most common when...
> That was what I meant, just don't enforce it 😉 Just joking, but I'm still not sure if it should be really in the core library. After excluding app...
> @Firefishy one thing I am confused about, is that it seems the default value from browsers is already `strict-origin-when-cross-origin` (see [MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Referrer-Policy#strict-origin-when-cross-origin_2)). `strict-origin-when-cross-origin` is indeed the default, but during our...
@jonkoops Refactored as requested to remove duplication. Hopefully suitable now.
> How are other libs like OpenLayers are handling this? https://github.com/openlayers/openlayers/pull/17089
> @Firefishy By any chance, do you have a drill-down of tile requests with no referrer set, split by HTTP vs HTTPS? > > I'm wondering if HTTPS sites are...
> > Currently approximately 10% of tile.openstreetmap.org's tile traffic is from sites which are not sending a HTTP Referer. > > I can not believe that ~10% of Leaflet deployments...