Closed Bug 125749 Opened 23 years ago Closed 23 years ago

referer does not work with secure http

Categories

(Core :: Networking: HTTP, defect)

Product:
Core
Component:
Networking: HTTP
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: hjtoi-bugzilla, Assigned: darin.moz)

References

Details

I got this in email. It refers to NS 6, but I am pretty sure it applies to
Mozilla as well. I'll ask if the reporter could provide a test URL...

Running under Secure-Sockets Layer (SSL), our web page attempts to read the
HTTP_REFERER Server Variable (or HTTP Header), but fails to do so.  There's
no error, the value has simply vanished.  Without SSL, the same web page
does indeed read the value, as does all other versions (prior to 6) of
Netscape, and all Internet Explorer versions as well.
heikki: we'd need a testcase for sure.  mozilla does not send a Referer from one
SSL site to another site.  this allows the SSL site to encode sensitive
information in URLs without fear that it will be leaked outside its domain. 
this means that if you click on a link from one SSL site to another SSL site,
that there will be no Referer header sent.  likewise if you click on a link from
one SSL site to another non-SSL site.

we need to know what the situation is here.
Blocks: 61660
Since I haven't received any comments back, let's close this as worksforme.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.