Not at all related to the article, but I think this is the first time I have seen a page modify its contents based on the referrer site. If you click the link (and your browser uses the "Referer" header), it will have a blurb at the top welcoming hacker news readers. If you copy the URL manually, it does not.
If you remove the -H "Referer: ..." part, it will no longer contain the word "hacker".
Honestly, I am a little surprised that Firefox is sending the "Referer" header. It feels like a relic from the days when we (mostly) weren't concerned with being tracked. I suppose that it must have practical uses that would break without it.
Quekid5•19h ago
I think the Referer header kinda-sorta serves as mitigation for 3rd parties just (maliciously) hot-linking to, say, images on your domain, effectively forcing you to bear the cost of upload bandwidth for those images.
(And similar, it's just that images sprang to mind.)
jsheard•19h ago
Browsers have clamped down on that somewhat by enforcing stricter referrer policies by default if the originating server doesn't specify one. It used to be a total free for all where everyone could always see the full referring URL, then it was changed to completely blank the referrer on secure-to-insecure transitions, then it was changed again to also blank the path on cross-origin transitions so only the referring origin is revealed.
snuxoll•19h ago
It is used for tracking, that's the whole point of the header. "Who's sending me all of this traffic" is a useful, non-invasive thing for websites to have access to. You can use rel="noreferrer" on a link to disable the header on a specific link, as well as the `Referrer-Policy` header and `<meta name="referrer" />` to have some additional control (the 'origin-when-cross-origin' value can be useful in some cases, so destination sites can attribute what origin traffic came from, but not the specific page, while still being able to track it on your own origin - I think this is actually the default behavior in browsers these days).
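The policy values discussed in the two comments above (the browser default jsheard describes, which the spec names `strict-origin-when-cross-origin`, and the `origin-when-cross-origin` value snuxoll mentions), worked through as an added example that is not part of the thread. The function name `computeReferer` and the `*.example` URLs are constructed for illustration, and "secure" is simplified to mean `https:` only.

```javascript
// Added example: which Referer value a browser sends for a navigation under
// each Referrer-Policy value. Simplification (assumption): a URL counts as
// "secure" only if its scheme is https.
function computeReferer(policy, fromUrl, toUrl) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  // Credentials and the fragment are always stripped before sending.
  from.username = "";
  from.password = "";
  from.hash = "";
  const full = from.href;               // scheme, host, path and query
  const originOnly = from.origin + "/"; // path and query removed
  const sameOrigin = from.origin === to.origin;
  // Downgrade: secure referring page, insecure destination.
  const downgrade = from.protocol === "https:" && to.protocol !== "https:";

  switch (policy) {
    case "no-referrer":
      return null;
    case "unsafe-url":
      return full;
    case "origin":
      return originOnly;
    case "same-origin":
      return sameOrigin ? full : null;
    case "strict-origin":
      return downgrade ? null : originOnly;
    case "no-referrer-when-downgrade":
      return downgrade ? null : full;
    case "origin-when-cross-origin":
      // Note: still sends the origin on an https -> http transition.
      return sameOrigin ? full : originOnly;
    case "strict-origin-when-cross-origin":
      if (sameOrigin) return full;
      return downgrade ? null : originOnly;
    default:
      throw new Error("unknown referrer policy: " + policy);
  }
}

// Constructed sample navigation: a discussion page linking to a blog post.
const samplePage = "https://news.example/item?id=123#c4";
for (const p of ["unsafe-url", "origin-when-cross-origin", "strict-origin-when-cross-origin"]) {
  console.log(p, "->", computeReferer(p, samplePage, "https://blog.example/post"));
}
```

A `null` result means no `Referer` header is sent at all, which is also what `rel="noreferrer"` produces for a single link.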
peacebeard•17h ago
A useful thing you can do is make your HTML linter error if a link has target=blank without rel=noreferrer.
It's a little neat that it works without JavaScript too.
some_furry•2h ago
Yeah, I do something similar with my blog (except via JavaScript). The motivation is similar to Cendyne's.
(Because it's exhausting to have to explain for the 1000th time that I'm not going to make my blog non-furry just because some rando hates furries and thinks being a part of a nerd community is pornographic.)
sudobash1•19h ago
You can also see this using curl:
peacebeard•17h ago
E.g. https://html-eslint.org/docs/rules/no-target-blank/
rdmuser•16h ago