emacs/lisp/url
Stefan Kangas 346e571230 Never send user email address in HTTP requests
It used to be possible to customize 'url-privacy-level' so that the
user's email address was sent along in HTTP requests.  Since
'url-privacy-level' is also a blocklist, rather than an allowlist,
this meant that a mere misconfiguration of Emacs risked exposing the
user's email address.  This is a serious privacy risk, and it is thus
better if we remove this dangerous feature altogether.

* lisp/url/url-http.el (url-http-create-request): Never send the
user email address.
* lisp/url/url-vars.el (url-personal-mail-address): Make obsolete.
* lisp/url/url-privacy.el (url-setup-privacy-info): Don't set
above obsolete variable.
* doc/misc/url.texi (Customization):
* lisp/url/url-vars.el (url-privacy-level): Update documentation
to reflect the above changes.
2023-12-17 10:00:22 +01:00
..
ChangeLog.1
url-auth.el
url-cache.el
url-cid.el
url-cookie.el
url-dav.el
url-domsuf.el
url-expand.el
url-file.el
url-ftp.el
url-future.el
url-gw.el Make url-gateway-broken-resolution obsolete 2023-09-02 02:37:03 +02:00
url-handlers.el
url-history.el
url-http.el Never send user email address in HTTP requests 2023-12-17 10:00:22 +01:00
url-imap.el
url-irc.el Don't use func-arity to trigger API warning in url-irc 2023-11-12 20:36:32 -08:00
url-ldap.el
url-mailto.el Don't use mapconcat for effect 2023-04-10 15:20:27 +02:00
url-methods.el
url-misc.el ; Fix 'make-obsolete-variable' forms 2023-03-18 09:12:12 +02:00
url-news.el
url-nfs.el
url-parse.el
url-privacy.el Never send user email address in HTTP requests 2023-12-17 10:00:22 +01:00
url-proxy.el
url-queue.el
url-tramp.el
url-util.el
url-vars.el Never send user email address in HTTP requests 2023-12-17 10:00:22 +01:00
url.el