I have a site that uses formspree.io to receive a form post and send as email. But it doesn’t work on Brave because it depends on HTTP Referer.
It seems like there would be a number of cases like this where HTTP Referer is used as a simplistic security mechanism rather than a tracking mechanism.
Is there a feature planned to enable passing the Referer header for these cases? I recognize that it’s complicated, I’m just wondering if you’ve thought about ways to make this work. It seems like hard-coded whitelists as in https://github.com/brave/brave-core/pull/701 are a stopgap that won’t scale.