Firefox 87 will trim the contents of the HTTP Referer header

Mozilla has changed how the HTTP Referer header is generated in Firefox 87, which is scheduled for release tomorrow. To block potential leaks of confidential data, by default when navigating to other sites the HTTP Referer header will no longer include the full URL of the source from which the transition was made, but only the domain. The path and request parameters will be cut out. That is, instead of "Referer: https://www.example.com/path/?arguments", "Referer: https://www.example.com/" will be sent. Starting with Firefox 59, this trimming was performed in private browsing mode, and now it will be extended to the main mode as well.

The new behavior will help prevent unnecessary user data from being passed to advertising networks and other external resources. As an example, some medical sites are cited, where in the course of displaying advertising third parties can obtain confidential information such as the patient's age and diagnosis. At the same time, stripping the details from Referer may negatively affect the collection of referral statistics by site owners, who will no longer be able to determine the address of the previous page precisely, for example to understand from which article's page the transition was made. It may also disrupt some content generation systems that parse the keys that led to a transition from a search engine.

To control how Referer is set, the Referrer-Policy HTTP header is provided, with which site owners can override the default behavior for transitions from their site and restore the sending of full information in Referer. Currently, the default policy is "no-referrer-when-downgrade", under which Referer is not sent when going from HTTPS to HTTP, but is sent in full when resources are loaded over HTTPS. Starting with Firefox 87, the "strict-origin-when-cross-origin" policy will take effect, which means cutting out paths and parameters when sending a request to other hosts over HTTPS, removing Referer when going from HTTPS to HTTP, and passing the full Referer for internal transitions within a single site.
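
The two defaults described above, modelled as an added JavaScript example (not Mozilla's code and not part of the original article). The function names and the clinic.example / ads.example URLs are constructed for illustration, and "secure" is simplified to the https: scheme.

```javascript
// Added example: simplified model of the two default policies described above.
// Assumption: "secure" means the https: scheme only (the specification's
// notion of a trustworthy URL also covers cases such as localhost).
function stripForReferrer(url, originOnly) {
  const u = new URL(url);
  u.username = "";   // credentials and fragment are never sent in Referer
  u.password = "";
  u.hash = "";
  if (originOnly) {  // cut the path and the request parameters
    u.pathname = "/";
    u.search = "";
  }
  return u.href;
}

// Returns the Referer value that would be sent, or null when none is sent.
function computeReferer(policy, from, to) {
  const src = new URL(from);
  const dst = new URL(to);
  const downgrade = src.protocol === "https:" && dst.protocol !== "https:";
  switch (policy) {
    case "no-referrer-when-downgrade":
      return downgrade ? null : stripForReferrer(from, false);
    case "strict-origin-when-cross-origin":
      if (src.origin === dst.origin) return stripForReferrer(from, false);
      return downgrade ? null : stripForReferrer(from, true);
    default:
      throw new Error("policy not modelled in this example: " + policy);
  }
}

// Constructed sample: a page whose URL carries sensitive query data.
const page = "https://clinic.example/results/?age=47&diagnosis=asthma#top";
const cases = [
  ["https://ads.example/pixel.gif", "cross-origin, HTTPS"],
  ["http://ads.example/pixel.gif", "cross-origin, HTTPS to HTTP"],
  ["https://clinic.example/contact", "same origin"],
];
for (const policy of ["no-referrer-when-downgrade", "strict-origin-when-cross-origin"]) {
  for (const [target, label] of cases) {
    console.log(policy, "|", label, "|", computeReferer(policy, page, target));
  }
}
```

Under the old default the advertising host receives the full URL with the age and diagnosis parameters; under the new default it receives only `https://clinic.example/`.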

The change will apply to ordinary navigation requests (following links), automatic redirects, and the loading of external resources (images, CSS, scripts). In Chrome, the change of the default to "strict-origin-when-cross-origin" was implemented last summer.

Source: opennet.ru
