
For one thing, examining referer is a common way that a server determines a request is not a hotlink. Sure you can do something more complicated with cookies or whatever, but lots of sites are just using referer and they'll break if the client doesn't send it.


But for that it's enough to send it for same-origin requests. No need to send it cross-origin, except for tracking purposes.


That'd still break the distinction between hotlinking and the user using a bookmark or copy/paste to directly open the URL in question.


Letting the sites distinguish between the two does not seem to be in the interest of the user.


Well, it'd mean that any site blocking hotlinking would also automatically block direct bookmarks/URL entry, too, which isn't really in the "interest of the user" either, I'd say.


If Chrome suddenly stopped sending referrer headers, let's be real here, 99% of websites would be fixed within a couple of days at most.
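Added example, not part of any comment in this thread: a server-side Referer hotlink check covering the three cases discussed above (same-origin referer, cross-origin referer, no referer at all). The origin `images.example`, the function names and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed origin of the site that serves the images (hypothetical).
SITE_ORIGIN = ("https", "images.example", 443)
DEFAULT_PORTS = {"http": 80, "https": 443}

def origin_of(url):
    """Return (scheme, host, port) for an absolute http(s) URL, else None."""
    try:
        parts = urlsplit(url)
        port = parts.port              # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    return (parts.scheme, parts.hostname, port or DEFAULT_PORTS[parts.scheme])

def classify(headers):
    """Classify a request by its Referer header (dict keyed 'Referer')."""
    referer = (headers.get("Referer") or "").strip()
    if not referer:
        return "absent"
    # Compare full origins; a prefix or substring match would also accept
    # hosts such as images.example.other.test.
    return "same-origin" if origin_of(referer) == SITE_ORIGIN else "cross-origin"

def allow(headers, strict):
    """strict=True also rejects requests that carry no Referer."""
    kind = classify(headers)
    if kind == "same-origin":
        return True
    if kind == "absent":
        return not strict
    return False

# Constructed sample requests.
EMBEDDED = {"Referer": "https://images.example/gallery"}     # site's own page
HOTLINK = {"Referer": "https://forum.example/thread/1"}      # another site embeds it
NO_REFERER = {}  # bookmark, typed URL, or a client that omits Referer cross-origin

if __name__ == "__main__":
    for name, req in [("embedded", EMBEDDED), ("hotlink", HOTLINK),
                      ("no referer", NO_REFERER)]:
        print(f"{name:11} class={classify(req):12} "
              f"lenient={allow(req, False)} strict={allow(req, True)}")
```

The server sees the same thing for a bookmark and for an embed from a client that sends no cross-origin Referer, so the lenient policy admits both and the strict policy rejects both.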



