Comment 1 for bug 560246

Gary Poster (gary) wrote : Re: Requiring Referer is broken and serves no good security purpose

1) Yes, this was a conscious compromise.

2) You and I disagree on your interpretation ("Your Referer check means that your site will not be accessible from RFC 2068-compatible browsers") but I of course acknowledge the underlying fact of the RFC language. It was a conscious compromise.

3) The only browser-related ways of forging REFERER headers I found (http://www.cgisecurity.com/lib/XmlHTTPRequest.shtml, for instance) appeared to be pertinent to older versions of software; and HTTP, not HTTPS. At this time, our posts are exclusively HTTPS.

Given other priorities, I do not plan to revisit the decision in the short term.

We might revisit the decision when we open up much of the site to HTTP, which may be within a few months.

Gary
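The Referer check under discussion, written out as an added example that is not part of the original comment or of Launchpad's own code: a missing Referer is rejected (the compromise described above, with the RFC 2068 cost that clients which omit the header lose), and only an https:// Referer on the expected host and port is trusted. The allowed origin and the sample requests are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed value; the real site's origin is not given on the page.
ALLOWED_ORIGIN = "https://launchpad.example"  # hypothetical


def referer_check(headers, allowed_origin=ALLOWED_ORIGIN, require_referer=True):
    """Decide whether a state-changing (POST) request passes the Referer check.

    Returns (accepted, reason). With require_referer=True a request that
    carries no Referer is refused, which is the trade-off discussed above;
    require_referer=False shows the lenient alternative for comparison.
    """
    # HTTP header names are case-insensitive, so normalise before lookup.
    lowered = {name.lower(): value for name, value in headers.items()}
    referer = lowered.get("referer", "").strip()
    if not referer:
        if require_referer:
            return False, "missing Referer"
        return True, "missing Referer tolerated by policy"

    ref = urlsplit(referer)
    allowed = urlsplit(allowed_origin)
    # Only trust https:// referers; an http:// page is not the trusted origin.
    if ref.scheme.lower() != "https":
        return False, "Referer is not https"
    # Compare the parsed hostname, not a string prefix: this also handles
    # userinfo tricks such as https://trusted.example@other.example/.
    if ref.hostname != allowed.hostname:
        return False, "Referer host mismatch"
    # An explicit port must match the expected one (443 is the https default).
    if (ref.port or 443) != (allowed.port or 443):
        return False, "Referer port mismatch"
    return True, "ok"


def audit(requests, **policy):
    """Run the check over constructed (label, headers) pairs; returns a dict."""
    return {label: referer_check(headers, **policy) for label, headers in requests}


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [
        ("same-origin", {"Referer": "https://launchpad.example/bugs/1"}),
        ("no-referer", {}),
        ("plain-http", {"referer": "http://launchpad.example/bugs/1"}),
        ("other-host", {"Referer": "https://launchpad.example.other.example/"}),
    ]
    for label, verdict in audit(samples).items():
        print(f"{label:12} -> {verdict}")
```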