Dnia 18.10.2024 o godz. 14:24:21 Bill Cole via mailop pisze: > > It's been a while since I checked, but it used to be that a web > server could instruct the browser to display any URL by setting the > Location header (but NOT refreshing.)
You mean response code 200 with a Location: header? Never tried that, will try. If that's the case, then it's a huge security flaw (only in some particular browser, or all of them?). With 200, Location: header, if present, should be simply ignored by the browser. It should have any meaning only with 3xx response codes. > There are definitely sites > where the URL in the address bar never changes as you navigate the > site, even to pages which actually have their own unique URLs. They may use hidden frames, use Javascript to send the actual page URL to a "wrapper" script that is the main address in the address bar, or use all kinds of tricky techniques. > Apple's Safari browser by default truncates the URL in the Address > bar and changing that to show full URLs is hidden in the "Advanced > Settings" preference pane. That's very bad. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
