W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2009

RE: Referer URI MUST NOT include a fragment

From: Larry Masinter <masinter@adobe.com>
Date: Wed, 25 Feb 2009 16:05:48 -0800
To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <8B62A039C620904E92F1233570534C9B0118C86E24D5@nambx04.corp.adobe.com>
I think the idea of allowing fragment identifiers in
Referer is interesting, and I'm not sure what it would
break. It couldn't be mandated. I think the privacy
security concerns about Referer remain, and perhaps
the restriction was just a way of minimizing the

The important limits on Referer in RFC 2616
are in the "Security Considerations" section

At least a while ago, it was looking like the
"Origin" header proposal might instead be subsumed
by an extension to "Referer" instead, which seemed
like a positive direction. I don't think allowing
fragment identifiers in Referer for other purposes
would interfere with that.

Received on Thursday, 26 February 2009 00:08:04 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 1 October 2015 05:36:32 UTC