canmove, Confirmed users, Bureaucrats and Sysops emeriti
6,906
edits
Privacy/Features/Shortened HTTP Referer header: Difference between revisions
Jump to navigation
Jump to search
m
Privacy/Features/Shortened HTTP Referer header (view source)
Revision as of 03:21, 15 July 2011
, 15 July 2011no edit summary
mNo edit summary |
mNo edit summary |
||
| Line 28: | Line 28: | ||
* {{new|(Engineer) Write patch for phase 1 and land}} | * {{new|(Engineer) Write patch for phase 1 and land}} | ||
* {{new|(Engineer) Write patch for phase 2 and land}} | * {{new|(Engineer) Write patch for phase 2 and land}} | ||
|Feature users and use cases=; Leaking search terms : From {{bug|587523#c0}}: "An example of this can be seen by searching for 'no knead bread' with Google, and clicking on the 4th search result, which takes you to www.breadtopia.com/basic-no-knead-method/, a page which "helpfully" lets you know that it is aware of the search terms that brought you to the site." | |Feature users and use cases=; Leaking search terms : From {{bug|587523#c0}}: "An example of this can be seen by searching for 'no knead bread' with Google, and clicking on the 4th search result, which takes you to www.breadtopia.com/basic-no-knead-method/, a page which "helpfully" lets you know that it is aware of the search terms that brought you to the site." | ||
; Outbound link anonymization : Many sites like gmail send outbound links through a common redirect to strip off any information that may be present in the URL. Supporting rel="noreferrer" reduces the need for extra HTTP traffic and redirects. | ; Outbound link anonymization : Many sites like gmail send outbound links through a common redirect to strip off any information that may be present in the URL. Supporting rel="noreferrer" reduces the need for extra HTTP traffic and redirects. | ||
|Feature requirements=* Test plan must be created and implemented | |Feature requirements=* Test plan must be created and implemented | ||
* Use cases must be clearly outlined and it must be clear how the feature addresses each. | * Use cases must be clearly outlined and it must be clear how the feature addresses each. | ||
| Line 38: | Line 37: | ||
* We are not replacing the HTTP referer header | * We are not replacing the HTTP referer header | ||
* This is not the Origin header | * This is not the Origin header | ||
|Feature implementation notes=* [http://www.facebook.com/notes/facebook-engineering/protecting-privacy-with-referrers/392382738919 Facebook write-up on "HTTP-Referer" woes] | |Feature implementation notes=* [http://www.facebook.com/notes/facebook-engineering/protecting-privacy-with-referrers/392382738919 Facebook write-up on "HTTP-Referer" woes] | ||
* [http://www.webkit.org/blog/907/webkit-nightlies-support-html5-noreferrer-link-relation/ the rel="noreferrer" attribute] | * [http://www.webkit.org/blog/907/webkit-nightlies-support-html5-noreferrer-link-relation/ the rel="noreferrer" attribute] | ||
* {{bug|587523}}: strip referrer in a future anonymous mode | * {{bug|587523}}: strip referrer in a future anonymous mode | ||
}} | }} | ||
{{FeatureInfo | {{FeatureInfo | ||
| Line 50: | Line 47: | ||
|Feature engineering team=Networking | |Feature engineering team=Networking | ||
}} | }} | ||
{{FeatureTeamStatus | {{FeatureTeamStatus}} | ||
}} | |||