From: Fabian Keil <fk@fabiankeil.de>
Date: Wed, 14 Feb 2007 17:15:36 +0000 (+0000)
Subject: Allow access to Privoxy's CGI pages, don't call trusted
X-Git-Tag: v_3_0_7~332
X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=commitdiff_plain;h=7771ace7e31aca3163179f61afb58ceea217945a

Allow access to Privoxy's CGI pages, don't call trusted
domains "safe", note that "+" is unsafe in most environments
and remove the comment about "*" (doesn't work).
---

diff --git a/trust b/trust
index d68ce7e2..97bb6654 100644
--- a/trust
+++ b/trust
@@ -2,7 +2,7 @@
 # 
 #  File        :  $Source: /cvsroot/ijbswa/current/trust,v $
 # 
-#  $Id: trust,v 1.2.2.1 2002/10/01 04:57:15 hal9 Exp $
+#  $Id: trust,v 1.4 2006/07/18 14:48:47 david__schmidt Exp $
 #
 #  Purpose     :  Trustfiles are an experimental feature used for
 #                 building "whitelists" (versus the usual "blacklists"
@@ -52,24 +52,34 @@
 # detail, see http://www.privoxy.org/user-manual/config.html#TRUSTFILE.
 
 # List trusted domains here. The default is to block any URL that is NOT
-# referenced. Access to trusted domains, includes all paths within that
-# domain. Preceding a domain with a '+' character, will designate that domain
-# as a "trusted referrer", meaning any pages linked from that site will be
-# allowed, and then added dynamically to this file. Thus, this builds a
-# "white-list" of safe places to browse. Note this means that the file will
-# grow with use!
+# referenced. Access to trusted domains includes all paths within that
+# domain.
+
+# Preceding a domain with a '+' character will designate that domain
+# as a "trusted referrer", meaning any requests whose HTTP "Referer" headers
+# contain an URL from that domain will be allowed, and the previously untrusted
+# host will be dynamically added to this file. Thus, this builds a "white-list"
+# of hosts the user is allowed to visit.
+
+# Note this means that the file will grow with use!
+
+# Also note that you can only trust referrers if you control the user's
+# system and make sure that there are no programs available that allow
+# to set arbitrary headers.
 
 # Preceding the domain with '~' character allows access to that domain only
-# (including all paths within that domain). But does not allow access to links
+# (including all paths within that domain), but does not allow access to links
 # to other, outside domains. Sites that are added dynamically by trusted 
-# referrers, will include the '~' character, as thus do not become trusted
+# referrers will include the '~' character, and thus do not become trusted
 # referrers themselves.
 
-# Example: to allow example.com and links that come from example.com,
-# uncomment this line:
+# Example: to allow example.com and to white-list domains that appear to
+# be reached through links from example.com, uncomment this line:
 
-#  +example.com 
+# +example.com 
 
-# and comment the last line (* alone), which would unblock everything:
+# The next two lines make sure that the user can access Privoxy's
+# CGI pages, without automatically trusting their links.
 
-# *
+~config.privoxy.org
+~p.p