Closed Bug 157054 Opened 22 years ago Closed 22 years ago

HTTP_REFERER is not passed when href link points to other https server

Categories

(Core :: Networking: HTTP, defect)

Product:
Core
Component:
Networking: HTTP
Platform:
x86
Windows NT
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED DUPLICATE of bug 141641

People

(Reporter: mstrumyla, Assigned: darin.moz)

References

Details

configuration:
server A with SSL enabled
server B with SSL enabled

server A has a testcase.html with a link:
---- code begins ----
<html>
<head>
<title>mozilla bug</title>
</head>
<body>
<a href="https://<server B>/secured.cgi">link</a><br>
</body>
</html>
---- code ends ----

server B has a secured.cgi script:
---- code begins ----
#!/bin/sh

echo Content-type: text/html
echo
echo
echo "<html><head><title>HTTP referrer</title></head><body>"
echo "<h3>HTTP_REFERER = $HTTP_REFERER</h3>"
echo "</body>"
echo "</html>"
---- code ends ----


steps to reproduce the bug:
1. point mozilla to https://<server A>/testcase.html 
2. click the link
3. mozilla loads https://<server B>/secured.cgi

expected results:
secured.cgi should display the following text
HTTP_REFERER=https://<server A>/testcase.html

actual results:
secured.cgi displays empty referrer
HTTP_REFERER=

note: in the first step, if you pointed your browser to http://<server
A>/testcase.html,
everything works as expected.

IE handles this as expected.

using build
Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.1a+) Gecko/20020703
*** Bug 157053 has been marked as a duplicate of this bug. ***
AFAIK This is no bug, this is a security feature !

dupe of bug 141641
(we will not send the full REFERER but we will send a part)


*** This bug has been marked as a duplicate of 141641 ***
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
verified dup
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.