#
# File : $Source: /cvsroot/ijbswa/current/trust,v $
#
-# $Id: trust,v 1.2.2.1 2002/10/01 04:57:15 hal9 Exp $
+# $Id: trust,v 1.4 2006/07/18 14:48:47 david__schmidt Exp $
#
# Purpose : Trustfiles are an experimental feature used for
# building "whitelists" (versus the usual "blacklists"
# detail, see http://www.privoxy.org/user-manual/config.html#TRUSTFILE.
# List trusted domains here. The default is to block any URL that is NOT
-# referenced. Access to trusted domains, includes all paths within that
-# domain. Preceding a domain with a '+' character, will designate that domain
-# as a "trusted referrer", meaning any pages linked from that site will be
-# allowed, and then added dynamically to this file. Thus, this builds a
-# "white-list" of safe places to browse. Note this means that the file will
-# grow with use!
+# referenced. Access to trusted domains includes all paths within that
+# domain.
+
+# Preceding a domain with a '+' character will designate that domain
+# as a "trusted referrer", meaning any requests whose HTTP "Referer" headers
+# contain an URL from that domain will be allowed, and the previously untrusted
+# host will be dynamically added to this file. Thus, this builds a "white-list"
+# of hosts the user is allowed to visit.
+
+# Note this means that the file will grow with use!
+
+# Also note that you can only trust referrers if you control the user's
+# system and make sure that there are no programs available that allow
+# to set arbitrary headers.
# Preceding the domain with '~' character allows access to that domain only
-# (including all paths within that domain). But does not allow access to links
+# (including all paths within that domain), but does not allow access to links
# to other, outside domains. Sites that are added dynamically by trusted
-# referrers, will include the '~' character, as thus do not become trusted
+# referrers will include the '~' character, and thus do not become trusted
# referrers themselves.
-# Example: to allow example.com and links that come from example.com,
-# uncomment this line:
+# Example: to allow example.com and to white-list domains that appear to
+# be reached through links from example.com, uncomment this line:
-# +example.com
+# +example.com
-# and comment the last line (* alone), which would unblock everything:
+# The next two lines make sure that the user can access Privoxy's
+# CGI pages, without automatically trusting their links.
-# *
+~config.privoxy.org
+~p.p