- From: Matthew Rubenstein <ruby@name.net>
- Date: Thu, 26 Jun 1997 16:35:51 -0400
- To: Hallam-Baker <hallam@ai.mit.edu>
- Cc: Ross Patterson <Ross_Patterson@ns.reston.vmd.sterling.com>, http-wg@cuckoo.hpl.hp.com
At 04:29 PM 6/26/97 -0400, Hallam-Baker wrote:
>
>> Assuming you're not suggesting removing the REFERER header field
>> altogether, that's not true. Sites would simply need to decide whether
>> a request without a REFERER was acceptable or not, and allow or deny
>> the request accordingly.
>
>OK "restrict the ability".
>
>There are already many situations where a browser can't send a referer
>field, such as when the link is a bookmark.

The lack of a REFERER value there is effectively a spec omission that effects an overload of a null REFERER to indicate several conditions, including key entry, "bookmarks" and client bug.

> As clients allow the user to
>disable the referer field sites will be less able to refuse requests
>for frivolous reasons.

One client's frivolous reason is another server's special case. It's _my_ server, why can't I restrict access based on what enabled the request?

>I was simply flagging a secondary consequence of the change.
>
>
> Phill

--
Matthew Rubenstein North American Media Engines
Toronto, Ontario *finger matt for public key* (416)943-1010
Chess is for computers.
Received on Thursday, 26 June 1997 13:42:24 UTC