Kornel Lesinski wrote: > On Sun, 10 Feb 2008 10:42:47 -0000, Julian Reschke > <julian.reschke@gmx.de> wrote: > >> So you're saying that recipients treat the absence of a Referer header >> as indication the offering page was from the same origin? That would >> IMHO be contrary to what RFC2616 defines (the absence of the Referer >> header means that the Referrer either doesn't have a URI, or the >> client doesn't want to reveal it). > > If client does not reveal referrer, the website can't tell if request > was local or from another site. In order to avoid blocking legitimate Yes. > requests (local request from client/proxy that hides referrer) websites It could be non-local as well. > have to accept all requests without Referer. Ok. So why not use something else for filtering ping requests? Why does it need to use the Referer header? > ... BR, JulianReceived on Tuesday, 12 February 2008 21:35:11 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:16:12 GMT