Hi all, > Thank you, but I'm not sure what you want us to do with that. > > Is this for mainline integration?
That's my original thought. > If so, I find it a bit too drastic, some websites don't work without > the correct referer (mostly with session). Yes, I've used it for a while now and found many sites not working. > Some browsers have different "privacy" options like: > > 1. Strip the referer header entirely. > 2. Only allow it for the same origin domains. > 3. Allow "crossdomain" referer, but only set the domain part. I'd like to make such a patch, but now I've found my patch couldn't handle frames correctly, and I don't know how to fix that. There seems to be no such an API to get the reference to the target frame in decide-policy signal handler. So it'll break more sites. > Of course you can also strip the Referer using a filtering proxy and not do > this in the browser itself. That sounds a nice approach.