- From: Robin Berjon <robin.berjon@expway.fr>
- Date: Sun, 9 Apr 2006 15:06:51 +0200
- To: Mark Nottingham <mnot@yahoo-inc.com>
- Cc: public-webapi@w3.org
On Apr 07, 2006, at 20:00, Mark Nottingham wrote:
> OK. I've made my case and have heard from some individuals; it
> seems like there's agreement that automatically setting Referer
> shouldn't be disallowed, but disagreement about whether it should
> be overridable. I'd like to hear the WG's opinion on the matter.
It's been added to the agenda, though given the pile of stuff we have
it may be a while before we get around to it.
So far however I haven't heard a convincing case that Referer-based
content protection was a generally smart and safe thing to do that
should be encouraged by the browsers' security model. Barring a
stronger case for this restriction I'd be surprised to see a
resolution in that direction.
--
Robin Berjon
Senior Research Scientist
Expway, http://expway.com/
Received on Sunday, 9 April 2006 13:06:52 UTC