Date: Wed, 25 Sep 2013 09:58:07 -0500
From: Tim Chase
To: python-list@python.org
Subject: Re: Referrer key missing form os.environ dictionary?
Newsgroups: comp.lang.python

On 2013-09-25 14:18, John Gordon wrote:
> However, if the user did not arrive from another page, then
> HTTP_REFERER will be missing. This happens when the user types the
> web address directly into their browser, or clicks on a bookmark,
> or many other ways.
>
> Also, obviously, it's up to the browser to truthfully report
> HTTP_REFERER;

There are browser plugins that allow blocking or manually-overriding
the outbound refer[r]er header which help mitigate data leakage such
as search-engine query strings or work around website limitations.

So server-side code should always assume that the HTTP_REFERER header
can be absent or easily be spoofed, treating it as a hint, not
absolute truth.

-tkc
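
The advice above as an added example (not code from the thread or its participants): a CGI-style helper that reads HTTP_REFERER without a KeyError, classifies it, and uses it only to choose a "back" link, never for a trust decision. The names `referer_hint`, `back_link`, `DEFAULT_BACK`, the `own_host` parameter and the `example.test` host are assumptions of this sketch.

```python
import os
from urllib.parse import urlsplit

DEFAULT_BACK = "/"  # assumed fallback target for this sketch


def referer_hint(environ, own_host):
    """Classify the Referer as a hint: absent, malformed, same-site or external."""
    # .get() instead of environ["HTTP_REFERER"]: the key does not exist at all
    # when the browser sent no Referer (typed URL, bookmark, blocking plugin).
    raw = environ.get("HTTP_REFERER")
    if not raw:
        return ("absent", None)
    try:
        parts = urlsplit(raw.strip())
        host = parts.hostname
    except ValueError:  # e.g. an unbalanced IPv6 bracket
        return ("malformed", None)
    if parts.scheme not in ("http", "https") or not host:
        return ("malformed", None)
    if host.lower() == own_host.lower():
        return ("same-site", parts)
    return ("external", parts)


def back_link(environ, own_host):
    """Choose a 'back' link target; the client-supplied value is never echoed whole."""
    kind, parts = referer_hint(environ, own_host)
    if kind != "same-site":
        return DEFAULT_BACK
    # Rebuild from path and query only, so a spoofed scheme or host cannot
    # reach the page; reject "//host" paths that browsers treat as absolute.
    path = parts.path or "/"
    if not path.startswith("/") or path.startswith("//"):
        return DEFAULT_BACK
    return path + ("?" + parts.query if parts.query else "")


if __name__ == "__main__":
    # Under a real CGI server os.environ carries the request headers.
    print(back_link(os.environ, "example.test"))
```

Because the header is client-controlled, a "same-site" result only says what the client claimed; access control still has to rest on the session or a token.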