On Wednesday 14 January 2004 03:44, Dawit A. wrote:

> Then I do not understand why this is a security/privacy issue then ? I mean
> if the server did the redirecting using 302, we simply send the referrer
> anyways, so I fail to see why doing it from KHTML on meta
> redirection/refresh would be a problem.

it is not a problem on meta redirection. the problem is that the new site, the 
server we were redirected to with a 302 redirection, must not get the 
previous referrer, with other words, a server redirection is not a user 
action upon which the referrer header is supposed to get set. 

besides that we use the code path for javascript based redirections and there 
also referers must get cleared. 

> Both Mozilla and IE do the same 
> thing as far as I can tell.

No they don't. Read #42611. 

(use cvs annotate please when you wonder why code is there which you think 
should not be there). 


Dirk