[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: PATCH: 2 small KHTML patches...
From:       Dirk Mueller <mueller () kde ! org>
Date:       2004-01-14 20:41:04
Message-ID: 200401142141.04122.mueller () kde ! org
[Download RAW message or body]

On Wednesday 14 January 2004 03:44, Dawit A. wrote:

> Then I do not understand why this is a security/privacy issue then ? I mean
> if the server did the redirecting using 302, we simply send the referrer
> anyways, so I fail to see why doing it from KHTML on meta
> redirection/refresh would be a problem.

it is not a problem on meta redirection. the problem is that the new site, the 
server we were redirected to with a 302 redirection, must not get the 
previous referrer, with other words, a server redirection is not a user 
action upon which the referrer header is supposed to get set. 

besides that we use the code path for javascript based redirections and there 
also referers must get cleared. 

> Both Mozilla and IE do the same 
> thing as far as I can tell.

No they don't. Read #42611. 

(use cvs annotate please when you wonder why code is there which you think 
should not be there). 


Dirk
[prev in list] [next in list] [prev in thread] [next in thread]