W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1997

Re: confidentiality and the referer field

From: Ross Patterson <Ross_Patterson@ns.reston.vmd.sterling.com>
Date: Thu, 26 Jun 97 16:15:08 EDT
Message-Id: <199706262023.AA00427@reston.vmd.sterling.com>
To: http-wg@cuckoo.hpl.hp.com
Hallam-Baker <hallam@ai.mit.edu> writes:

>Incidentally this change would mean that sites would no longe be able to
>control linking to what are being refered to as "internal" pages, forcing
>a user to traverse a site direct from the home page.

Assuming you're not suggesting removing the REFERER header field
altogether, that's not true.  Sites would simply need to decide whether
a request without a REFERER was acceptable or not, and allow or deny
the request accordingly.

Perhaps I misread your suggestion - you DID suggest that an HTTP response
could somehow advise the client not to include REFERERs in requests
generated from links in the response, right?

Ross Patterson
Sterling Software, Inc.
VM Software Division
Received on Thursday, 26 June 1997 13:22:37 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:45 EDT