On Thu, 29 Jun 2006 23:10:57 +0200, Mark Baker <[EMAIL PROTECTED]> wrote:
On 6/29/06, Mark Nottingham <[EMAIL PROTECTED]> wrote:
See my previous message; the whole point is that Referer is *not*
under the control of the author, but instead automatically generated
based on the user's context.
I understand, but I don't see it as a large burden to ask that authors
do this;
r.setRequestHeader( "Referer", this.location.href );
How about the possibility to rather turn off the sending of some headers?
For people making web applications with traffic concerns it would be in
their interest to take extra effort in stripping data, rather than
opting-in when no traffic concerns?
Anyway, most browsers already allow you to turn off/on referers and users
get according results when navigating on the net. Don't see why XHRs
shouldn't be affected by the same user settings?
--
Nicolas Mendoza
http://utilitybase.com
