Tyler Close wrote:
> Ian Hickson wrote:
> > > That's the new part.
> >
> > Referer-Root is not new. It's a subset of an existing header.
>
> The content of Referer-Root is a subset of Referer; however,
> the conditions under which an honest client sends
> Referer-Root are different. Today, an honest, correctly
> implemented browser won't send a cross-domain POST of XML
> content. Consequently, it is not convincing for a dishonest
> client to use the Referer header to claim that a web page
> from another site originated such a request. The same is not
> true of the Referer header. The Referer header can be used to
> convincingly blame another site for a request.

The last two "Referer header" should be "Referer-Root" header:

The same is not true of the Referer-Root header. The Referer-Root header can be used to convincingly blame another site for a request.

--Tyler
