Closed Bug 1143642 Opened 11 years ago Closed 10 years ago

Option to restrict the sending of the Referer header to the same site

Categories

(Core :: Networking: HTTP, enhancement)

Product:
Core
Component:
Networking: HTTP
Version:
37 Branch
Platform:
x86_64
Windows 8.1
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: bugs, Unassigned, NeedInfo)

Details

User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0 Build ID: 20150312193711 Steps to reproduce: Try to restrict sending of the Referer header to the same site to protect privacy while, at the same time, allowing cross-site request forgery (XSRF) counter measures that rely on the Referer header to work. Actual results: Cannot configure Firefox for best privacy and security at the same time. Expected results: network.http.sendRefererHeader should allow to restrict the Referer header to the same site, or, more granular, to the same URL prefix including the scheme.
Why is using an addon providing more options, like RefControlor or Referrer Control, not an option?
Severity: normal → enhancement
Flags: needinfo?(bugs)
network.http.referer.XOriginPolicy 0 (default) = always send; 1 = send when base domains match; 2 = send when hosts match http://mxr.mozilla.org/mozilla-release/source/modules/libpref/init/all.js#1212 Please comment whether that's what you were looking for.
Component: Untriaged → Networking: HTTP
Product: Firefox → Core
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.