Hi all,
> Thank you, but I'm not sure what you want us to do with that.
>
> Is this for mainline integration?
That's my original thought.
> If so, I find it a bit too drastic, some websites don't work without
> the correct referer (mostly with session).
Yes, I've used it for a while now and found many sites not working.
> Some browsers have different "privacy" options like:
>
> 1. Strip the referer header entirely.
> 2. Only allow it for the same origin domains.
> 3. Allow "crossdomain" referer, but only set the domain part.
I'd like to make such a patch, but now I've found my patch couldn't handle
frames correctly, and I don't know how to fix that. There seems to be no
such an API to get the reference to the target frame in decide-policy
signal handler. So it'll break more sites.
> Of course you can also strip the Referer using a filtering proxy and not do
> this in the browser itself.
That sounds a nice approach.
Received on Mon Nov 19 2018 - 07:46:18 CET
This archive was generated by hypermail 2.3.0
: Mon Nov 19 2018 - 07:48:20 CET