- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Thu, 22 Jan 2009 16:41:37 -0800
- To: Mark Nottingham <mnot@mnot.net>
- Cc: Larry Masinter <LMM@acm.org>, <ietf-http-wg@w3.org>, "'Lisa Dusseault'" <ldusseault@commerce.net>
On Jan 22, 2009, at 4:20 PM, Mark Nottingham wrote: > On 23/01/2009, at 10:07 AM, Roy T. Fielding wrote: >> >> 4) Even if such a feature becomes necessary, it can be far >> easier accomplished by changing the operational behavior of >> browsers such that they always send Referer and simply reduce >> the value of that field (similar to that specified for Origin) >> in those cases where it is currently not set at all. No change >> would then be needed to HTTP and existing agents that already >> send Referer for these cases would already comply. > > I don't agree. Unless it's very well-specified and implemented, > this will have the effect of dumbing down Referer, reducing its > utility for other purposes. I don't understand -- the only case that would be affected is the one wherein no Referer is sent today. It is easy to distinguish that case from other Referer values because it excludes anything after the URI authority (normal "http" Referer values always have a path portion of at least "/"). Hence, the change is both HTTP-compliant and detectable by origin servers (if they cared, which I don't expect they would). ....Roy
Received on Friday, 23 January 2009 00:42:21 UTC