Re: https in referer check from Liam Quinn on 2003-06-26 (www-validator@w3.org from June 2003)

From: Liam Quinn <liam@htmlhelp.com>
Date: Wed, 25 Jun 2003 20:22:55 -0400 (EDT)
To: Viljo Viitanen <Viljo.Viitanen@helsinki.fi>
cc: www-validator@w3.org
Message-ID: <Pine.LNX.4.44.0306252021250.17599-100000@localhost.localdomain>

On Wed, 25 Jun 2003, Viljo Viitanen wrote:

> It seems http://validator.w3.org/check/referer does not work if it's called
> from an https page.

The HTTP/1.1 spec says:

   Clients SHOULD NOT include a Referer header field in a (non-secure)
   HTTP request if the referring page was transferred with a secure
   protocol.

http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html#sec15.1.3

-- 
Liam Quinn

Received on Wednesday, 25 June 2003 20:23:11 UTC