On Mon, 27 Mar 2000, Philip Webb wrote:
> 000326 T.E.Dickey wrote:
> > 000325 LP wrote
> >> Occasionally, lynx sends referer field pointing to local files,
> >> incl temporary files, which may be not good because of security
> >> (remote user may find temp file name generated by lynx).
> >> the referer: field should not be sent if previous page was not http://
> > there's the NO_FILE_REFERER setting to cover this -
> > we could make a special case and suppress files
> > Lynx happens to have opened for temporary use irregardless of that.
>
> it would seem a good idea to do that,
> assuming there can never be a good use for referer fields to local files.
There is, IMO,
- for testing & debugging of Lynx itself,
- for testing & debugging of authored pages (maybe if parts are
uploaded to a server and parts are still tested on local disk),
- for sites providing local services via lynx (freenet-style), or
other kinds of local HTML pages on multiuser systems.
As someone else already mentioned, there is a lynx.cfg option
to turn it off. (It may be reasonable to change the default
to NO_FILE_REFERER:TRUE.)
Klaus
