Hi Thomas,
Yes, I just looked at RFC7231 (section 5.5.2) and while there are
security implications
of usage of the 'Referer' header, the HTTP client library does not have
the relevant context
to decide whether it should be set or not. My view is that this is the
responsibility of
the calling c
Hi,
i have an question about the new HttpClient from JDK11.
Is there any good reason that the Referer header is restricted?
Because i have scenarios where the customer server expect Referer header
in the Login sequence.
So is there any way how to set restricted headers?
Gruß Thomas
On 14.08
