- From: Ian Hickson <ian@hixie.ch>
- Date: Wed, 20 Feb 2008 19:26:38 +0000 (UTC)
On Wed, 13 Feb 2008, Kornel Lesinski wrote: > > That's interesting. In that case attack outlined on Mozilla's list is > even less likely to succeed than I thought. So maybe a "less abusive" > approach would suffice: > > * if ping is cross-domain, always send Referer > * if ping originates from the same domain, don't send any Referer at all Ok, I've done that instead. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Wednesday, 20 February 2008 11:26:38 UTC