346e571230
It used to be possible to customize 'url-privacy-level' so that the user's email address was sent along in HTTP requests. Since 'url-privacy-level' is also a blocklist, rather than an allowlist, this meant that a mere misconfiguration of Emacs risked exposing the user's email address. This is a serious privacy risk, and it is thus better if we remove this dangerous feature altogether. * lisp/url/url-http.el (url-http-create-request): Never send the user email address. * lisp/url/url-vars.el (url-personal-mail-address): Make obsolete. * lisp/url/url-privacy.el (url-setup-privacy-info): Don't set above obsolete variable. * doc/misc/url.texi (Customization): * lisp/url/url-vars.el (url-privacy-level): Update documentation to reflect the above changes. |
||
|---|---|---|
| .. | ||
| ChangeLog.1 | ||
| url-auth.el | ||
| url-cache.el | ||
| url-cid.el | ||
| url-cookie.el | ||
| url-dav.el | ||
| url-domsuf.el | ||
| url-expand.el | ||
| url-file.el | ||
| url-ftp.el | ||
| url-future.el | ||
| url-gw.el | ||
| url-handlers.el | ||
| url-history.el | ||
| url-http.el | ||
| url-imap.el | ||
| url-irc.el | ||
| url-ldap.el | ||
| url-mailto.el | ||
| url-methods.el | ||
| url-misc.el | ||
| url-news.el | ||
| url-nfs.el | ||
| url-parse.el | ||
| url-privacy.el | ||
| url-proxy.el | ||
| url-queue.el | ||
| url-tramp.el | ||
| url-util.el | ||
| url-vars.el | ||
| url.el | ||