Mozilla enabled ads in Firefox and they're active in Fedora

Reindl Harald h.reindl at thelounge.net
Mon Nov 17 14:44:33 UTC 2014 

Am 17.11.2014 um 15:28 schrieb Bruno Wolff III:
> On Mon, Nov 17, 2014 at 15:06:21 +0100,
>   Reindl Harald <h.reindl at thelounge.net> wrote:
>> Am 17.11.2014 um 14:41 schrieb Bruno Wolff III:
>>> The referer header is sent by default. It isn't obvious how to disable
>>> that
>>
>> please don't propose disable the Referer globally
>> a samrt default would be
>> https://addons.mozilla.org/DE/firefox/addon/smart-referer/ to send it
>> only to the same domain
>
> Having to install a third party package to do this doesn't make it
> simple. This feature should be built in.

agreed - please try to convience Mozilla for that change instead propose 
send none at all

> Some people may not want to supply referer headers when moving around
> within sites. For that there should be a per domain override similar to
> cookies.
>
>> everytime when people come out with "how to disable referrer,
>> javascript and the useragent" they have no clue what harm they are
>> doing for sane websites wich try to protect themself and their owners
>> from automated attacks / junk
>
> Web sites should work just fine without a supplied user agent. If they
> don't, they are broken. bots can forge common user agent strings easily,
> relying on checking for user agent for security purposes is silly

i really do not need here to explain over a lot of text how you can 
*improve* the security of froms meaning "make it harder to submit them 
automated"

> number of sites think there are only 3 or 4 different browers and refuse
> to work if you aren't using one of them. Other web sites aren't designed
> to handle the optional user agent header not being supplied and will
> break needlessly

and a number of sites works around horrible browser bugs of old client 
software which sadly exists (the more business related a website is that 
more stone old clients are coming you can't refuse)

it would be way off-topic to explain what workarounds i needed to 
implement based on the user-agent to not hurt standard conform browsers 
and if it is only for image silders *only and really only* for MSIE8 add 
a ?random=time() to URL's because the cached ones break while other 
browsers happily can cache them instead load again and again the same stuff

if you ever worked more than 10 years in producing standard conform 
websites working on *any* browsers you would know what i mean

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20141117/f52fc280/attachment.sig>

More information about the devel mailing list