Citat:
Originally posted by jayzee@Aug 14 2008, 22:56
Intressant teknik, men något som lär täppas igen relativt snart.
Jag har sett att både Gecko samt Opera utveckare (IE vet jag inte) har fått upp ögonen för detta och redan funderar på olika lösningar för att täppa igen detta. Skulle inte förvåna mig ifall det blir täppt vid nästa release eller release efter nästa.
|
Det är inget som behöver "täppas till"; HTTP är uppbyggt att skicka med s.k. referer (10.13 RFC 1945) vilket webbläsare gör by default.
Citat:
10.13 Referer
The Referer request-header field allows the client to specify, for the server's benefit, the address (URI) of the resource from which the Request-URI was obtained. This allows a server to generate lists of back-links to resources for interest, logging, optimized caching, etc. It also allows obsolete or mistyped links to be traced for maintenance. The Referer field must not be sent if the Request-URI was obtained from a source that does not have its own URI, such as input from the user keyboard.
Referer = "Referer" ":" ( absoluteURI | relativeURI )
Example:
Referer: http://www.w3.org/hypertext/DataSources/Overview.html
If a partial URI is given, it should be interpreted relative to the Request-URI. The URI must not include a fragment.
Note: Because the source of a link may be private information or may reveal an otherwise private information source, it is strongly recommended that the user be able to select whether or not the Referer field is sent. For example, a browser client could have a toggle switch for browsing openly/anonymously, which would respectively enable/disable the sending of Referer and From information.
|
Förhindras enkelt genom att stänga av referer i webbläsaren.