Hacker News new | past | comments | ask | show | jobs | submit login

It hides the referer which is unfortunate. Maybe an option only to login, register, etc via HTTPS?



Many people, myself included, would see that as a good thing. Not an "unfortunate" thing. Limiting HTTPS to logins only allows session hijacking. Session hijacking is a serious problem.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: