PATCH: 2 small KHTML patches...
adawit at kde.org
Fri Jan 16 06:44:44 GMT 2004
On Wednesday 14 January 2004 15:41, Dirk Mueller wrote:
> On Wednesday 14 January 2004 03:44, Dawit A. wrote:
> > Then I do not understand why this is a security/privacy issue then ? I
> > mean if the server did the redirecting using 302, we simply send the
> > referrer anyways, so I fail to see why doing it from KHTML on meta
> > redirection/refresh would be a problem.
> it is not a problem on meta redirection. the problem is that the new site,
> the server we were redirected to with a 302 redirection, must not get the
> previous referrer, with other words, a server redirection is not a user
> action upon which the referrer header is supposed to get set.
But that is just it. I am trying to fix a bug introduced as a result of that
single fateful line. I am also a bit confused by your statement above. You
said "it is not a problem on meta-direction", but you went on to state that
the very same action when done by a server based redirection, i.e. 3xx
redirections it is wrong ?? Anyways, I agree with that to a certain extent.
Users should be informed about any redirection and they should decide whether
or not they want to allow or deny such action from taking place. However,
once a user approves the action, it should be treated as if the user clicked
on a link rather than entered a url IMHO.
> there also referers must get cleared.
another function that does sanity checks before calling such a sensitive and
commonly used function ?
> > Both Mozilla and IE do the same
> > thing as far as I can tell.
> No they don't. Read #42611.
Can you please explain to me how they work on the download section
http://www.wxwindows.org ? A bug ? They do send the referrer, the correct one
at that. With the referrer blanking line in place at ::slotRedirection,
konqueror still sends the referrer header. It just happens to be the wrong
one, the top level url (http://www.wxwindows.org/).
> (use cvs annotate please when you wonder why code is there which you think
> should not be there).
Please feel free to revert this change or tell me and I will revert it.
However, the issue that prevents downloads from working at
"Preach what you practice, practice what you preach"