
Re: ISSUE-124 CP 2

From: Julian Reschke <julian.reschke@gmx.de>
Date: Thu, 11 Nov 2010 13:25:36 +0100
Message-ID: <4CDBE0C0.2030400@gmx.de>
To: Philip Taylor <pjt47@cam.ac.uk>
CC: Ian Hickson <ian@hixie.ch>, public-html@w3.org

On 11.11.2010 12:36, Philip Taylor wrote:
> ...
> A non-trivial percentage of users never send a Referer header (due to
> browser configuration or privacy-enhancing firewalls etc), so the usual
> approach to prevent hotlinking is to reject any requests with a present
> but incorrect Referer, and accept any with a correct or absent Referer.
> That avoids hurting Refererless users, but still works to prevent
> hotlinking since it breaks the hotlinking page for a vast majority of
> users.
>
> noreferrer will make hotlinked requests indistinguishable from
> legitimate requests from users that block Referer. The only way to
> prevent hotlinking will then be to block all requests that lack Referer,
> which will hurt some legitimate users too.
> ...

OK, so why is this a problem for <link>, not for <a>/<area>?

Best regards, Julian
Received on Thursday, 11 November 2010 12:26:23 UTC
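
The Referer policy described in the quoted text, as an added example that is not part of the original message: it compares the usual check (reject only a present but incorrect Referer) with the stricter fallback (require a correct Referer) over four constructed requests. The host names, the sample requests and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hostnames of the site serving the resource (constructed values).
OWN_HOSTS = {"example.org", "www.example.org"}

def classify(referer):
    """Return 'absent', 'own' or 'foreign' for a raw Referer header value."""
    if referer is None or not referer.strip():
        return "absent"
    try:
        parts = urlsplit(referer.strip())
        host = (parts.hostname or "").lower()
    except ValueError:          # e.g. malformed bracketed host
        return "foreign"        # present but unusable counts as incorrect
    if parts.scheme in ("http", "https") and host in OWN_HOSTS:
        return "own"            # exact host match, no suffix or substring tests
    return "foreign"

def lenient_allows(referer):
    """Usual approach: reject only a present-but-incorrect Referer."""
    return classify(referer) != "foreign"

def strict_allows(referer):
    """Fallback once noreferrer is in use: require a correct Referer."""
    return classify(referer) == "own"

# Constructed sample requests: (description, Referer value, legitimate?)
REQUESTS = [
    ("own page, Referer sent", "https://www.example.org/gallery", True),
    ("own page, user blocks Referer", None, True),
    ("hotlinking page, plain link", "https://hotlinker.example/post", False),
    ("hotlinking page, rel=noreferrer", None, False),
]

def outcome(policy):
    """Return (hotlinks blocked, legitimate requests blocked) for a policy."""
    hot = sum(1 for _, r, ok in REQUESTS if not ok and not policy(r))
    legit = sum(1 for _, r, ok in REQUESTS if ok and not policy(r))
    return hot, legit

if __name__ == "__main__":
    for name, policy in (("lenient", lenient_allows), ("strict", strict_allows)):
        print(name, outcome(policy))
```

The second and fourth requests carry no Referer and are identical from the server's side, so any policy that blocks one blocks the other.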

This archive was generated by hypermail 2.3.1 : Thursday, 29 October 2015 10:16:06 UTC