[tahoe-lafs-trac-stream] [tahoe-lafs] #1890: submit proposal for restrict-referrer-leakage to the CSP standardizers and implementors
tahoe-lafs
trac at tahoe-lafs.org
Wed Dec 5 23:05:47 UTC 2012
#1890: submit proposal for restrict-referrer-leakage to the CSP standardizers and
implementors
-------------------------+--------------------------------
Reporter: zooko | Owner: davidsarah
Type: task | Status: assigned
Priority: normal | Milestone: soon (release n/a)
Component: unknown | Version: 1.9.2
Resolution: | Keywords: referer referrer
Launchpad Bug: |
-------------------------+--------------------------------
Comment (by zooko):
This Firefox add-on named "refcontrol" seems pretty good:
http://www.stardrifter.org/refcontrol/
I've been using it. There are plenty of sites in my experience that would
break with the {{{network.http.sendRefererHeader = 0}}} tweak. Those ones
break when you put refcontrol into the "send nothing" mode, but some of
those work when you put it into the "send just the domain part" mode. It
also offers "sending this specific string" mode, can be configured to
behave differently on different sites, and can optionally display "What I
will send in Referer" on the "add-ons display bar" at the bottom of the
page.
I configured it many weeks ago to "send just the domain part" by default,
and for my children's elementary school district's web site, to send the
full normal Referer. Since then I've never had a problem as far as I know,
and no Referer's have been sent except to my children's elementary school
district. Victory!
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1890#comment:3>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list