W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: #328: user Intervention on Redirects

From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 7 Feb 2012 11:25:42 -0800
Message-ID: <CABkgnnWmPWH2a4g78r2roZXYSPCg=oYoXObMatPv9Wn0+ayDWQ@mail.gmail.com>
To: Chris Weber <chris@lookout.net>
Cc: Julian Reschke <julian.reschke@gmx.de>, Anne van Kesteren <annevk@opera.com>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
It's not so much the issue of having an open redirect, it more relates
to the way that the browser assigns some level of trust to the server
when following the redirect.  Worse, the target server assigns a
degree of trust to the client when accepting the new request.
Received on Tuesday, 7 February 2012 19:29:48 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:55 GMT