I forgot to mention that as well, not to mention that they can be spooked pretty easily as well, although in this case thats not really a concern. Any chance of getting some of the core dev's to think about removing additional SSL checks, as FF 3.6.8 is a pretty major browser to support and this is likely to only get worse as adoption increases. Is the additional security worth the trade off?
Mat On 26 August 2010 20:35, Tim Chase <django.us...@tim.thechases.com> wrote: > On 08/26/10 13:25, Jeff Balogh wrote: > >> In our case the pref was accidentally disabled when testing add-ons, >> but people do intentionally turn off Referer for privacy reasons. I >> don't know if requiring Referer under https is a good idea. >> > > RFC-2616 makes it pretty clear that one should never require the > Referer[sic] header as it's optional[1] for the user-agent to transmit it > and perfectly reasonable for the user to disable it regardless of HTTP vs. > HTTPS. > > -tkc > > [1] > http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.36 > http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html#sec15.1.2 > http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html#sec15.1.3 > > > > > -- > You received this message because you are subscribed to the Google Groups > "Django developers" group. > To post to this group, send email to django-develop...@googlegroups.com. > To unsubscribe from this group, send email to > django-developers+unsubscr...@googlegroups.com<django-developers%2bunsubscr...@googlegroups.com> > . > For more options, visit this group at > http://groups.google.com/group/django-developers?hl=en. > > -- -- Matthew Clayton | Co-Founder/CTO Mixcloud Limited twitter http://www.twitter.com/matclayton email m...@mixcloud.com mobile +44 7872007851 skype matclayton -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-develop...@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
