"Mark Nottingham" <mnot@yahoo-inc.com> > If I can't trust XHR to send a referer, I have to allow all requests, and > that means that -- today -- somebody can link to that content from > another site using <a>, <script>, <object>, etc. No, you set appropriate header to authorise the request, you don't rely on referer, as that is unsafem because it's unreliable and you would unreasonably disqualify people from using your service. Given the existence of better methods of meeting your use case, I see no reason to raise Referer up to should. Jim.Received on Thursday, 29 June 2006 20:13:30 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:55 GMT