[whatwg] Referer header sent with <a ping>?

From: Ian Hickson <ian@hixie.ch>
Date: Wed, 20 Feb 2008 19:26:38 +0000 (UTC)
Message-ID: <Pine.LNX.4.62.0802201906030.20115@hixie.dreamhostps.com>
On Wed, 13 Feb 2008, Kornel Lesinski wrote:
> 
> That's interesting. In that case the attack outlined on Mozilla's list is 
> even less likely to succeed than I thought. So maybe a "less abusive" 
> approach would suffice:
> 
> * if ping is cross-domain, always send Referer
> * if ping originates from the same domain, don't send any Referer at all

Ok, I've done that instead.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Wednesday, 20 February 2008 11:26:38 UTC
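
The rule agreed in this message, worked through as an added example (not code from the original thread or from any browser). The function and field names are hypothetical, and "same domain" is assumed to mean equal hostnames after URL parsing, since the message does not define it more precisely.

```javascript
// Added illustration of the two-bullet rule quoted above.
// Assumptions: hostname equality stands in for "same domain"; only
// http(s) ping targets are considered, since Referer is an HTTP header.

// Referer values must not carry a fragment; credentials are dropped too.
function refererValue(doc) {
  const copy = new URL(doc.href);
  copy.hash = "";
  copy.username = "";
  copy.password = "";
  return copy.href;
}

function pingRefererPlan(documentUrl, pingAttr) {
  const doc = new URL(documentUrl);
  const plan = [];
  // The ping attribute holds a space-separated list of URLs.
  for (const token of pingAttr.trim().split(/\s+/).filter(Boolean)) {
    let target;
    try {
      target = new URL(token, doc); // relative URLs resolve against the page
    } catch (e) {
      continue; // unparsable entry: no ping, no header decision
    }
    if (target.protocol !== "http:" && target.protocol !== "https:") continue;
    // URL parsing lowercases the host and drops default ports, so
    // "HTTPS://NEWS.EXAMPLE.COM:443/" still counts as the same domain.
    const sameDomain = target.hostname === doc.hostname;
    plan.push({
      url: target.href,
      crossDomain: !sameDomain,
      // Cross-domain ping: always send Referer. Same-domain ping: none.
      referer: sameDomain ? null : refererValue(doc),
    });
  }
  return plan;
}

// Constructed sample input (not from the thread).
const samplePlan = pingRefererPlan(
  "https://News.Example.com/story?id=7#top",
  "/track https://stats.example.net/p mailto:x@example.org HTTPS://NEWS.EXAMPLE.COM:443/log"
);
console.log(samplePlan);
```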