curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: On CURLOPT_AUTOREFERER privacy

From: Dan Fandrich via curl-library <curl-library_at_lists.haxx.se>
Date: Mon, 17 Oct 2022 10:16:41 -0700

On Mon, Oct 17, 2022 at 04:34:05PM +0200, Daniel Stenberg via curl-library wrote:
> On Mon, 17 Oct 2022, Timothe Litt via curl-library wrote:
>
> > > My initial PR for this work: https://github.com/curl/curl/pull/9750
> > >
> > Why change the default behavior?
>
> For improved privacy. Because the browsers sort of do it like this.

I agree with Timothe that this doesn't seem worthwhile breaking backward
compatibility. I discovered only recently that browsers have changed their
behaviour in this area when a site that was depending on receiving the full URL
broke. If someone is going to the trouble of enabling this option, then
they're doing so for a good reason and there's a reasonable chance they need
the full URL. I'm all for adding an option to add the host-only behaviour as an
option, but not to make it the default. I could probably be convinced to change
it in curl 8 when there's an expectation of some changes in behaviour.

Dan
-- 
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html
Received on 2022-10-17