[wellylug] Possibly wierd https -> http effect
jumbophut
jumbophut at gmail.com
Wed Oct 20 13:41:25 NZDT 2004
On Wed, 20 Oct 2004 13:34:08 +1300, Darryl Hamilton wrote:
>
> I've done a little more searching and, surprisingly enough, the rfc2616
> (HTTP 1.1) has this to say...
>
> "Clients SHOULD NOT include a Referer header field in a (non-secure)
> HTTP request if the referring page was transferred with a secure protocol."
>
> So, I guess it's not a wierd browser thing, but part of the actual spec.
>
That will teach me to go looking at the https spec (2818) for
information about https! I should have known it would be in the spec
for http. ;-)
Having said that, it does still appear to be a wierd browser thing, in
that not all browsers follow the spec, even though they should.
Hopefully the latest versions are a little more security-conscious.
Glad you found your answer.
--
Tony (echo 'spend!,pocket awide' | sed 'y/acdeikospntw!, /l at omcgtjuba.phi/')
More information about the wellylug
mailing list