Comment 15 for bug 560246
Revision history for this message
| Björn Jacke (bjoern-j3e) wrote Re: [Bug 560246] Re: Launchpad requires the REFERER header on form submission breaking with noscript and other privacy/spam browser plugins | #15 |
On 2011-04-11 at 03:05 -0000 William Grant sent off:
> While we should revisit this in the near term (checking Referer places
> undesirable restrictions on user agents), this is not significant for
> security. Forging a Referer header on a POST requires a browser or
> plugin bug, at which point you are in trouble anyway.
a FF4 with noscript does not generally block referrers on ordinary POST
requests. Possibly some of the heavy script magic that lauchpag uses causes the
referrer to be removed by noscript. Anyway - people like me, that are bitten by
this launchpad annoyance CAN use other sites without trouble.
--
comment sent via my mutt