Comment 3 for bug 560246
Revision history for this message
| Ben Bucksch (benbucksch) wrote Re: Requiring REFERER makes user privacy more difficult and CSRF could be prevented more robustly | #3 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
ARG!!!!! I file a bug. I type the long text (bug description), click submit. error "No referer, please enable referer". Click Back, long bug description is gone! AAAARRRGGG! how stupid/lazy do you have to be to write such web software??? Firefox goes to great length to save form contents when you go back, but you manage to lose it. This makes it a dataloss bug.
And as said above, referers are entirely optional and it must be possible to disable them, per HTTP spec. Because they are a privacy problem, and the explicitly spec says so Software which requires them is broken. And you don't need referers, as the above comments state, and referers are actually less secure than the right solution. This is a plain bug, and a privacy problem. Fix it, yesterday!