> Not such a good idea. The referer value is no more trustworthy than
> anything else supplied by the client.
Can the Refer: header be changed using JavaScript, on the common
browsers? If not, we can use it (as long as it's available) because
it provides the attestation we need.
> anything else supplied by the client.
Can the Refer: header be changed using JavaScript, on the common
browsers? If not, we can use it (as long as it's available) because
it provides the attestation we need.
The trouble with...
[ more ]