W3C home > Mailing lists > Public > public-webapi@w3.org > April 2006

Re: XMLHttpRequest Object feedback

From: Robin Berjon <robin.berjon@expway.fr>
Date: Sun, 9 Apr 2006 15:06:51 +0200
Message-Id: <E4F48200-B567-4EE7-B096-CF916C094B1F@expway.fr>
Cc: public-webapi@w3.org
To: Mark Nottingham <mnot@yahoo-inc.com>

On Apr 07, 2006, at 20:00, Mark Nottingham wrote:
> OK. I've made my case and have heard from some individuals; it  
> seems like there's agreement that automatically setting Referer  
> shouldn't be disallowed, but disagreement about whether it should  
> be overridable. I'd like to hear the WG's opinion on the matter.

It's been added to the agenda, though given the pile of stuff we have  
it may be a while before we get around to it.

So far however I haven't heard a convincing case that Referer-based  
content protection was a generally smart and safe thing to do that  
should be encouraged by the browsers' security model. Barring a  
stronger case for this restriction I'd be surprised to see a  
resolution in that direction.

-- 
Robin Berjon
    Senior Research Scientist
    Expway, http://expway.com/
Received on Sunday, 9 April 2006 13:06:52 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:54 GMT