![]() It used to be possible to customize 'url-privacy-level' so that the user's email address was sent along in HTTP requests. Since 'url-privacy-level' is also a blocklist, rather than an allowlist, this meant that a mere misconfiguration of Emacs risked exposing the user's email address. This is a serious privacy risk, and it is thus better if we remove this dangerous feature altogether. * lisp/url/url-http.el (url-http-create-request): Never send the user email address. * lisp/url/url-vars.el (url-personal-mail-address): Make obsolete. * lisp/url/url-privacy.el (url-setup-privacy-info): Don't set above obsolete variable. * doc/misc/url.texi (Customization): * lisp/url/url-vars.el (url-privacy-level): Update documentation to reflect the above changes. |
||
---|---|---|
.. | ||
ChangeLog.1 | ||
url-auth.el | ||
url-cache.el | ||
url-cid.el | ||
url-cookie.el | ||
url-dav.el | ||
url-domsuf.el | ||
url-expand.el | ||
url-file.el | ||
url-ftp.el | ||
url-future.el | ||
url-gw.el | ||
url-handlers.el | ||
url-history.el | ||
url-http.el | ||
url-imap.el | ||
url-irc.el | ||
url-ldap.el | ||
url-mailto.el | ||
url-methods.el | ||
url-misc.el | ||
url-news.el | ||
url-nfs.el | ||
url-parse.el | ||
url-privacy.el | ||
url-proxy.el | ||
url-queue.el | ||
url-tramp.el | ||
url-util.el | ||
url-vars.el | ||
url.el |