- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Tue, 12 Feb 2008 22:27:04 +0100
- To: Kornel Lesinski <kornel@geekhood.net>
- CC: "public-html@w3.org" <public-html@w3.org>
Kornel Lesinski wrote: > On Sun, 10 Feb 2008 10:42:47 -0000, Julian Reschke > <julian.reschke@gmx.de> wrote: > >> So you're saying that recipients treat the absence of a Referer header >> as indication the offering page was from the same origin? That would >> IMHO be contrary to what RFC2616 defines (the absence of the Referer >> header means that the Referrer either doesn't have a URI, or the >> client doesn't want to reveal it). > > If client does not reveal referrer, the website can't tell if request > was local or from another site. In order to avoid blocking legitimate Yes. > requests (local request from client/proxy that hides referrer) websites It could be non-local as well. > have to accept all requests without Referer. Ok. So why not use something else for filtering ping requests? Why does it need to use the Referer header? > ... BR, Julian
Received on Tuesday, 12 February 2008 21:35:11 UTC