[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Lynx-dev] Customized Referer
|
From: |
Thomas Dickey |
|
Subject: |
Re: [Lynx-dev] Customized Referer |
|
Date: |
Wed, 8 Jul 2009 18:58:26 -0400 (EDT) |
On Tue, 7 Jul 2009, ank man wrote:
Hello,
I could not find if it's planned to add a customized (AKA "fake")
referer option to lynx. Would be a nice feature whhat for example the
links browser has.
lynx does have
-nofilereferer
disable transmissions of Referer headers for file URLs.
-noreferer
disable transmissions of Referer headers.
man links shows
-http-referer <0>/<1>
(default 0) 0 - do not send referer. 1 - send the requested URL
as referer. 2 - send fake referer. 3 - send real referer. 4 -
send real referer only to the same server.
-fake-referer <string>
Fake referer value.
-fake-user-agent <string>
Fake user agent value.
I seem to recall this being discussed a while back, but don't currently
have an opinion. Google shows some relevant comments though
http://article.gmane.org/gmane.comp.web.elinks.user/570
* protocol.http.referer.policy is now by default 1, not 3 - 1 is the
correct RFC compliant behaviour, instead of 3 which should stay the choice
for paranoid privacy-aware people
which appears to correspond to this configuration data in elinks:
## protocol.http.referer
# HTTP referer sending rules.
## protocol.http.referer.policy <num>
# Mode of sending HTTP referer:
# 0 is send no referer
# 1 is send current URL as referer
# 2 is send fixed fake referer
# 3 is send previous URL as referer (correct, but insecure)
#
set protocol.http.referer.policy = 1
There is of course miscellaneous discussion
http://forums.omnigroup.com/archive/index.php/t-1033.html
http://wareseeker.com/System/target-referer-spoof-1.0.1.zip/356913
http://www.webappsec.org/lists/websecurity/archive/2007-11/msg00010.html
(I don't see anyone making interesting comments on the use of fake
referers though).
--
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net