W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1997

Re: confidentiality and the referer field

From: Hallam-Baker <hallam@ai.mit.edu>
Date: Thu, 26 Jun 1997 16:29:22 -0400 (EDT)
Message-Id: <199706262029.QAA07087@muesli.ai.mit.edu>
To: Ross Patterson <Ross_Patterson@ns.reston.vmd.sterling.com>
Cc: http-wg@cuckoo.hpl.hp.com

> Assuming you're not suggesting removing the REFERER header field
> altogether, that's not true.  Sites would simply need to decide whether
> a request without a REFERER was acceptable or not, and allow or deny
> the request accordingly.

OK "restrict the ability".

There are already many situations where a browser can't send a referer
field, such as when the link is a bookmark. As clients allow the user to
disable the referer field sites will be less able to refuse requests
for frivolous reasons.

I was simply flagging a secondary consequence of the change.


	Phill
Received on Thursday, 26 June 1997 13:31:03 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:45 EDT