On Wed, Jan 02, 2002 at 01:17:17AM +0100, Marc A. Lehmann wrote: > > Lots of servers have dumb referer checks and break with none; I'd rather > > see fake ones sent by default than nothing at all, even if it's against > > the RFC > > remember it is a MUST NOT and not only a SHOULD NOT. I think we have just > seen what happens when a program breaks the rfc based on the fact that it > seems to work with some servers.
One is accidental, the other is deliberate. The two are completely incomparable. Like I said, it clearly works with more than it doesn't work with. And I did say that it would break the RFC, as you quoted yourself. > Unless this is a bug in the rfc (which I trust not to be, as it makes > quite a bit of sense), actively breaking it is a very bad idea. i thought > in 2002 people would finally know that deliberately breaking compatibility > is a bad thing. "Deliberately breaking compatibility"? Where did you come up with this? If you honestly believe the reason the referers were added was to break compatibility, I'd like you to show why, especially since Alex just said that the reason they were added was to *improve* compatibility, and the reason I suggested keeping it as the default was the same. Note that many GNU utils do things like this: change default behavior to that which does *not* conform to POSIX, and revert back if POSIXLY_CORRECT is set. I'm certainly glad for this. > wget (quite a bit more common than lftp for http fetches) also doesn't > fake referer headers, and there aren't an abundance of wget users > complaining, as I would expect. Because on most servers, it doesn't matter; I've had to manually add a referer header a number of times, however, which is extremely annoying. > > header with the URL itself, so I could get this behavior with IE, but > > Squid, last I used it, didn't even support HTTP/1.1.) > > boy, that must have been many years ago ;) 5-6 months, probably. All outgoing requests were HTTP/1.0. > > Unfortunately, they seem as prevelent as ever. Geocities does this for > > all images ... > > geocities does no such thing. > > maybe you confuse the referer with something else after all? I've definitely seen these pages giving "not allowed" type stuff for images. Recently, people have been circumventing this by renaming images to *.txt (abusing an IE bug), so they probably just dropped it. -- Glenn Maynard
