
List:       kfm-devel
Subject:    Re: immediate Redirection...
From:       Lars Knoll <Lars.Knoll () mpi-hd ! mpg ! de>
Date:       2000-06-28 12:47:02

On Wed, 28 Jun 2000, Richard Moore wrote:

> Lars Knoll wrote:
> > 
> > On Wed, 28 Jun 2000, Richard Moore wrote:
> > 
> > >
> > >
> > > Simon Hausmann wrote:
> > > >
> > > > On Wed, 28 Jun 2000, Tobias Anton wrote:
> > > >
> > > > > Hello!
> > > > >
> > > > > On Wed, 28 Jun 2000, Simon Hausmann wrote:
> > > > >
> > > > > >
> > > > > >
> > > > > > On Wed, 28 Jun 2000, Tobias Anton wrote:
> > > > > >
> > > > > > >
> > > > > > > ... happens on http://www.lycos.de/service/sms/eingabe.html.
> > > > > > >
> > > > > > > entering this page will immediately push you back to the page you're
> > > > > > > coming from.
> > > > > > >
> > > > > > > i navigated there through
> > > > > > >
> > > > > > > http://www.lycos.de/service/sms/agb.html
> > > > > ...using konqueror.
> > > > > after that, i tried the whole...
> > > > > > >
> > > > > > > on navigator, and it worked :-\
> > > > > >
> > > > > > I think here the reason is that the http server checks for the referer in
> > > > > > the http header. If you first read the agb and then go to eingabe.html,
> > > > > > the http server can check via the referer that you actually read the agb
> > > > > > ;-)
> > > > > )-;
> > > > > >
> > > > > > This check also prevents one from using eingabe.html in
> > > > > > (automated) scripts for sms sending ;-)
> > > > >
> > > > > i expected this answer, but i was actually using konqueror
> > > > > for navigating there, not navigator.
> > > >
> > > > I know
> > > >
> > > > > I don't know much about this referrer stuff (and i would like to
> > > > > learn more), but this seems like a bug that needs to be fixed.
> > > > > Try it. I used the kde sources from today, 05:17.
> > > >
> > > > The referer is set in the HTTP request header. The client
> > > > (i.e. browser) sends the last visited URL (current) to the server.
> > > >
> > > > IMHO this however imposes a security (privacy) problem, and IMHO it is no
> > > > bug not to set the referer.
> > > >
> > > > However I guess it should be made configurable. And I guess it needs that
> > > > kind of extension Waldo mentioned a few days ago (for a closer interaction
> > > > between khtml/konqueror and kio_http) .
> > >
> > > Many CGI scripts (e.g. counters etc.) use the referer. It is important
> > > that we support it IMHO.
> > 
> > We should at least set it, if the previous page was on the same server, or
> > if we do a GET/POST request. I don't think there is a problem leaving out
> > the referrer when coming from a different host. This should at least solve
> > most of the privacy issues.
> 
> That's not quite enough. For example the counter I use on my homepage is
> run by a 3rd party and exists on their server. This is quite a common
> situation.
> Unfortunately I can't see any way to distinguish an acceptable use like
> this from the unacceptable use such as tracking banner ads.
> 
> I could certainly accept setting no referer when the toplevel frame
> changes.

Or we simply do like everybody else and set it... 

Lars
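
The three client-side options weighed in this thread (always send the referer, send it only when the previous page was on the same server, never send it), sketched as an added example that is not part of the original message and is not Konqueror or kio_http code. The function name, the policy labels and the `*.example` hosts are assumptions made for illustration; the sketch also drops userinfo and fragments and withholds the header when going from https to plain http.

```python
from urllib.parse import urlsplit, urlunsplit

# Policy labels are names made up for this example, not KDE settings.
ALWAYS, SAME_HOST, NEVER = "always", "same-host", "never"


def _clean(url):
    """Drop userinfo and fragment so credentials and anchors never leave the client."""
    p = urlsplit(url)
    host = p.hostname or ""
    netloc = host if p.port is None else f"{host}:{p.port}"
    return urlunsplit((p.scheme, netloc, p.path or "/", p.query, ""))


def referer_for(prev_url, target_url, policy=SAME_HOST):
    """Return the Referer value to send with a request for target_url, or None."""
    if policy == NEVER or not prev_url:
        return None
    prev, target = urlsplit(prev_url), urlsplit(target_url)
    if prev.scheme not in ("http", "https"):
        return None  # local or internal pages have no URL a server should see
    if prev.scheme == "https" and target.scheme != "https":
        return None  # do not expose a secure page's URL over cleartext
    # urlsplit lowercases hostname, so the comparison is case-insensitive
    if policy == SAME_HOST and prev.hostname != target.hostname:
        return None
    return _clean(prev_url)


if __name__ == "__main__":
    agb = "http://www.lycos.de/service/sms/agb.html"
    form = "http://www.lycos.de/service/sms/eingabe.html"
    # Same server: the referer check described in the thread is satisfied.
    print(referer_for(agb, form))
    # Constructed third-party counter case: same-host policy withholds the header.
    print(referer_for("http://homepage.example/", "http://counter.example/c.cgi"))
```

Under the same-host policy the constructed third-party counter request gets no referer, which is the case the quoted objection describes.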
