From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 18 Oct 2022 06:40:24 +0000 (+0200)
Subject: CURLOPT_AUTOREFERER.3: highlight the privacy leak risk
X-Git-Tag: curl-7_86_0~38
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=40f35044019a1680517f46ac6e37b8a48b300b9a;p=thirdparty%2Fcurl.git

CURLOPT_AUTOREFERER.3: highlight the privacy leak risk

Closes #9757
---

diff --git a/docs/libcurl/opts/CURLOPT_AUTOREFERER.3 b/docs/libcurl/opts/CURLOPT_AUTOREFERER.3
index c403b79856..e880eac263 100644
--- a/docs/libcurl/opts/CURLOPT_AUTOREFERER.3
+++ b/docs/libcurl/opts/CURLOPT_AUTOREFERER.3
@@ -32,9 +32,13 @@ CURLOPT_AUTOREFERER \- automatically update the referer header
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_AUTOREFERER, long autorefer);
 .fi
 .SH DESCRIPTION
-Pass a parameter set to 1 to enable this. When enabled, libcurl will
+Pass a long parameter set to 1 to enable this. When enabled, libcurl will
 automatically set the Referer: header field in HTTP requests to the full URL
 where it follows a Location: redirect.
+
+The automatic referer is set to the full previous URL even when redirects are
+done cross-origin or following redirects to insecure protocols. This is
+considered a minor privacy leak by some.
 .SH DEFAULT
 0, disabled
 .SH PROTOCOLS