W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2009

Re: Referer URI MUST NOT include a fragment

From: Albert Lunde <atlunde@panix.com>
Date: Sun, 1 Mar 2009 10:25:13 -0500
To: ietf-http-wg@w3.org
Message-ID: <20090301152513.GA25997@panix.com>
On Sun, Mar 01, 2009 at 12:19:57PM +0100, Julian Reschke wrote:
> Reminder: if we *did* want to relax this in HTTPbis, we will need to  
> investigate whether relaxing the value range can break existing code.

It's going to break existing web applications that do equality
tests on Referer for (weak) security, or to prevent deep linking
into web sites. Say, substring matches on hostname, won't be affected.
(All these things have to allow for the case that Referer
is not sent, but they can be brittle in other respects.)

So the effect will be breakage of unspecified sites by the first browser
to adopt  it.

-- 
    Albert Lunde  albert-lunde@northwestern.edu
                  atlunde@panix.com  (new address for personal mail)
                  albert-lunde@nwu.edu (old address)
Received on Sunday, 1 March 2009 15:25:46 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:01 GMT