VFP 9.0 WishList Item
Message
From
01/11/2002 12:03:28
 
General information
Forum: Visual FoxPro
Category: Other
Miscellaneous
Thread ID: 00717174
Message ID: 00717883
Views: 13
>>I already expressed my feedback on it. So others know, this is a standard variable and shouldn't be made hidden by any network. Some specific modules need that recognition on the site here and this value should be released.
>
>That's one of the most ridiculous arguments I have ever heard.

It's not an argument but a technical explanation of what is happening in the background.

>The HTTP_REFERER variable is an optional part of the HTTP spec. As such, you cannot be guaranteed that it will exist for your purposes. Since it is an optional part of the specification, you can't dictate that it be made available. Network admins can do whatever they want/need to do with respect to their networks.

This is the same as how people were seeing the cookies a few years ago. They thought it was dangerous and a lot of bad comments were made on it. But, this is not why we did. We did it because we need it.

>Why do you need this field anyway for the Wish List? One of its purposes is to help prevent hijacking of your material. If the referring URL is not from your website or a trusted one, then you can deny access to a protected resource on your site.

This data is needed at 65% of the site now. This is an additional protection we need for the list module which controls most of the site now. We won't go into in-depth details about it. But, this is extremely important to us where it applies.

>However, the Wish List does not fall under this category, IMO. It should be made freely available to anyone from anywhere. And this is especially true since MS has deemed that it be the central repository for all such information. There are other sources for Wish List items but this one is mentioned the most.

While you don't know why we need it, such as I expressed in the prior paragraph, I would just avoid making such an argument. That's nothing personal, it's just that you don't know the security mechanism which is in place. In 1995, users mentioned why we needed the authentication on the site. It lasted for two years. We had to explain why we needed users to authenticate. Basically, could you believe how the Universal Thread would be today without a proper authentication. :) Well, the same applies here for security. That covers various topics such as firewall, hackers, logs, monitoring, ISPs, routes, HTTP_REFERER and such.

In all cases so far, about half a dozen, we resolved all the cases with the user in such a situation. In most cases, some tools locally were interfering with that. They all fixed it. So, they went all ok. The lowest common denominator, AFAIK, has been lowered to one user only. I already expressed many comments to him about that and provided the explanations. So, the support was done. And, I'm still doing it today to reply to you and others about it who request more information. I hope this clarifies a few other points who had.
Michel Fournier
Level Extreme Inc.
Designer, architect, owner of the Level Extreme Platform
Subscribe to the site at https://www.levelextreme.com/Home/DataEntry?Activator=55&NoStore=303
Subscription benefits https://www.levelextreme.com/Home/ViewPage?Activator=7&ID=52
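
The Referer check debated in this thread, as an added example that is not part of the original post and not the site's own code: it separates an absent header (the optional-header case raised in the quoted reply) from one naming an untrusted origin, and treats the header as a filter on top of authentication. The host names, function names and the `deny_when_absent` switch are hypothetical.

```python
from urllib.parse import urlsplit

# Hypothetical trusted hosts (assumption, not taken from the thread).
TRUSTED_HOSTS = {"www.example.com", "partner.example.net"}


def classify_referer(headers):
    """Return 'absent', 'trusted' or 'untrusted' for a request's Referer."""
    # Header names are case-insensitive, so normalise before the lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    value = lowered.get("referer", "").strip()
    if not value:
        return "absent"  # optional header: browser, proxy or firewall omitted it
    try:
        parts = urlsplit(value)
        host = (parts.hostname or "").lower()
    except ValueError:
        return "untrusted"  # malformed value
    # Exact host match: a substring test would accept look-alike hosts.
    if parts.scheme in ("http", "https") and host in TRUSTED_HOSTS:
        return "trusted"
    return "untrusted"


def allow_request(headers, authenticated, deny_when_absent=False):
    """Authentication decides access; the Referer only adds a further filter."""
    if not authenticated:
        return False
    verdict = classify_referer(headers)
    if verdict == "absent":
        # Policy choice: denying here locks out users behind header-stripping
        # networks, allowing here means the check cannot stand alone.
        return not deny_when_absent
    return verdict == "trusted"


# Constructed sample requests, not real traffic.
SAMPLES = [
    {"Referer": "https://www.example.com/wishlist"},
    {"Referer": "https://www.example.com.attacker.invalid/"},
    {},  # header removed by a local tool or network device
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, classify_referer(sample), allow_request(sample, True))
```
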