[Some websites present problems if spoofSource=true]

+1 But changing to: network.http.referer.XOriginPolicy = 1

On 29/02/16 at 15:29, François Kooman wrote:
> Hi,
>
> The HTTP referrer configuration has some issues when it is used for CSRF
> protection by sites. The default Firefox configuration is like this
> (about:config):
>
> network.http.referer.XOriginPolicy = 0
> network.http.referer.spoofSource = *false*
> network.http.referer.trimmingPolicy = 0
> network.http.sendRefererHeader = 2
>
> The default IceCat configuration is like this:
>
> network.http.referer.XOriginPolicy = 0
> network.http.referer.spoofSource = *true*
> network.http.referer.trimmingPolicy = 0
> network.http.sendRefererHeader = 2
>
> The intention of spoofing the referrer is a good one, but it may be
> better to disable "spoofSource" and instead use "XOriginPolicy" with the
> value of 1=domain match (or 2=host match) that will prevent
> "cross-domain/host" HTTP referrers, but still allow the full referrer on
> the same host/domain. Using referrers within the same domain has no
> implications for privacy of the user as far as I can see.
>
> So, my proposal is this default configuration:
>
> network.http.referer.XOriginPolicy = 2
> network.http.referer.spoofSource = *false*
> network.http.referer.trimmingPolicy = 0
> network.http.sendRefererHeader = 2
>
> I am not sure if this has any other (negative) effects when using this
> to browse around, but so far using it the last couple of days hasn't
> resulted in any issues, but of course my browsing behavior may not be
> representative...
>
> What do you think?
>
> Regards,
> François
>
> --
> http://gnuzilla.gnu.org
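A small model of the browser's Referer decision under the three configurations quoted above, next to a server-side Referer-based CSRF check, shows why spoofSource=true defeats such a check (the spoofed Referer always matches the target host) while XOriginPolicy=2 withholds the header cross-host and keeps it same-host. This is an added example written for this thread, not code from IceCat, Firefox or the list; the policy logic is a simplified model (assumed: base-domain match on the last two labels instead of the public suffix list) and the hosts are constructed.

```python
from urllib.parse import urlsplit

# The three configurations quoted in the thread.
FIREFOX_DEFAULT = {"XOriginPolicy": 0, "spoofSource": False,
                   "trimmingPolicy": 0, "sendRefererHeader": 2}
ICECAT_DEFAULT = {"XOriginPolicy": 0, "spoofSource": True,
                  "trimmingPolicy": 0, "sendRefererHeader": 2}
PROPOSED = {"XOriginPolicy": 2, "spoofSource": False,
            "trimmingPolicy": 0, "sendRefererHeader": 2}

def base_domain(host):
    # Assumed simplification: last two labels stand in for the
    # public-suffix lookup Firefox uses for XOriginPolicy=1.
    return ".".join(host.split(".")[-2:])

def referer_for(prefs, source_url, target_url):
    """Referer the browser sends for a request from source_url to
    target_url under prefs, or None if it sends no Referer at all."""
    if prefs["sendRefererHeader"] == 0:  # 1 (links only) treated as 2 here
        return None
    src, dst = urlsplit(source_url), urlsplit(target_url)
    policy = prefs["XOriginPolicy"]
    if policy == 1 and base_domain(src.hostname) != base_domain(dst.hostname):
        return None
    if policy == 2 and src.hostname != dst.hostname:
        return None
    # spoofSource=true sends the *target* URL as the Referer, so a request
    # from another site looks as if it originated on the target site.
    ref = dst if prefs["spoofSource"] else src
    # trimmingPolicy is 0 (full URL) in all three configs; no trimming modelled.
    return ref.geturl()

def referer_csrf_check(referer, site_host):
    """Server-side check that relies on Referer: accept a state-changing
    request only when its Referer is on this host; fail closed if absent."""
    return referer is not None and urlsplit(referer).hostname == site_host

def cross_site_post_accepted(prefs):
    """Does a form POST from a constructed third-party page pass the check?"""
    ref = referer_for(prefs, "https://other-site.example/page.html",
                      "https://bank.example/transfer")
    return referer_csrf_check(ref, "bank.example")

def same_site_post_accepted(prefs):
    """Does a legitimate POST from the site's own page still pass?"""
    ref = referer_for(prefs, "https://bank.example/account?id=7",
                      "https://bank.example/transfer")
    return referer_csrf_check(ref, "bank.example")
```

With ICECAT_DEFAULT the cross-site POST is accepted because the spoofed Referer is the target URL itself; with PROPOSED it is rejected (no Referer is sent cross-host) while the same-host POST still carries its full Referer.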
