On Tue, Jul 2, 2019 at 6:16 AM Thomas Nguyen wrote:
> DevTools bug: No
>
Wouldn't it be helpful to indicate such truncation in the console (as a
warning) or network panel (with a request badge)? I can imagine developers
being confused about why the referrer header is not what they expect it to
Summary:
Servers often reject requests entailing an overly long `Referer` header.
Additionally, attackers can retain control over the header on `no-cors`
requests and force an error when fetching a subresource which allows them
to perform cache probing attacks by looking at the error event of the
2 matches
Mail list logo