- From: Henri Sivonen <hsivonen@iki.fi>
- Date: Tue, 30 Sep 2008 19:31:58 +0300
On Sep 29, 2008, at 23:52, Adam Barth wrote:

> On Mon, Sep 29, 2008 at 1:40 PM, Anne van Kesteren
> <annevk at opera.com> wrote:
>> I thought the issue with Referer
>> was that it exposed path information, but I guess the problem with
>> Origin is
>> that it reveals the intranet server name?
>
> The query string and the path are probably the most privacy-sensitive.
> Yes, the concern is revealing the name of an intranet server. Most
> names are probably innocuous (like www, hr, or wiki), but there are
> others that might be an issue (like secretproject). It's hard for me
> to evaluate how concerning this privacy leak is.

This could be addressed by sending a cryptographic hash of the origin
(using an algorithm that is commonly available in libraries used by
server-side programmers).

-- 
Henri Sivonen
hsivonen at iki.fi
http://hsivonen.iki.fi/

Received on Tuesday, 30 September 2008 09:31:58 UTC
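
How a receiving server could check a hashed origin of the kind proposed above, as an added example that is not part of the original message. It assumes the sender transmits the hex SHA-256 digest of the serialized origin (scheme, host, non-default port); the algorithm, the serialization, the function names and the example.test hosts are all assumptions.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed allow-list: origins this server accepts requests from.
TRUSTED_ORIGINS = ["https://wiki.example.test", "http://hr.example.test:8080"]


def serialize_origin(url: str) -> str:
    """Reduce a URL to scheme://host[:port]; path and query are dropped."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    if scheme not in DEFAULT_PORTS or not host:
        raise ValueError(f"not an http(s) origin: {url!r}")
    port = parts.port
    # Omit the default port so both sides hash the same string.
    if port is None or port == DEFAULT_PORTS[scheme]:
        return f"{scheme}://{host}"
    return f"{scheme}://{host}:{port}"


def origin_digest(url: str) -> str:
    """Hex SHA-256 of the serialized origin (assumed wire format)."""
    return hashlib.sha256(serialize_origin(url).encode("utf-8")).hexdigest()


def is_trusted(received_digest: str, trusted_origins=TRUSTED_ORIGINS) -> bool:
    """True if the received digest matches the digest of a trusted origin."""
    received = received_digest.strip().lower().encode("utf-8")
    matched = False
    for origin in trusted_origins:
        expected = origin_digest(origin).encode("utf-8")
        # Constant-time comparison; every entry is checked, with no early exit.
        matched |= hmac.compare_digest(received, expected)
    return matched


if __name__ == "__main__":
    sent = origin_digest("https://wiki.example.test/page?id=7")
    print(sent, is_trusted(sent))
```

The server matches only digests of origins it already lists, so the name never appears in the clear on the wire. An unsalted digest of a short, guessable host name can still be matched by any receiver that hashes candidate names.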