Can we disable HTTP referer checking on the forums?

rdash · 2017-08-02 05:17:11

Referers are easy to spoof and a gross violation of the forum users' privacy. Why is it enabled?

XxAtillaxX · 2017-08-02 10:09:52

It's used by FluxBB to prevent against XSRF attacks.

Ratburntro44

Anatoly · 2017-08-02 11:23:31

its your 42 post, inverted, btw. your sig "you think you're clever?"

On-Topic: why do you care if its https or http? (if thats what the topic is about, my english is... NOT BAD!!)

Different55 · 2017-08-02 13:54:02

It's exactly as Atilla says. If we didn't do that, people could craft links and web pages that could trick your browser into doing things like making posts and editing your profile. HTTP referrers aren't logged (actually that's a lie, I believe Apache logs those in the access logs by default), no privacy is being invaded here except by the ads which are watching you sleep at night.

If you're concerned about your privacy, set your browser (or get an extension) to only send a referrer if the site you're being referred from is on the same domain. 0 privacy risk, and no features broken either.

Ratburntro44

Gosha · 2017-08-02 13:55:58

AnatolyEE wrote:

why do you care if its https or http?

https is a secure http.

it's all about privacy and personal info

Xfrogman43

Official Everybody Edits Forums

#1 2017-08-02 05:17:11

Can we disable HTTP referer checking on the forums?

#2 2017-08-02 10:09:52

Re: Can we disable HTTP referer checking on the forums?

#3 2017-08-02 11:23:31

Re: Can we disable HTTP referer checking on the forums?

#4 2017-08-02 13:54:02, last edited by Different55 (2017-08-02 13:54:46)

Re: Can we disable HTTP referer checking on the forums?

#5 2017-08-02 13:55:58

Re: Can we disable HTTP referer checking on the forums?

Board footer