Closed
Bug 1491589
Opened 7 years ago
Closed 7 years ago
Referer being incorrectly set to wrong domain for cross-domain requests
Categories
(Firefox :: Untriaged, defect)
RESOLVED
INVALID
People
(Reporter: slango22, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0
Build ID: 20180905224245
Steps to reproduce:
Browse to a site containing references to cross-origin content (such as images served via a CDN).
Referer settings in about:config are at their defaults for version 62 (and this behavior has existed at least as far back as 59).
Actual results:
Referer is incorrectly set to the CDN domain, but should be set to the origin domain, even in private browsing given the default policy. In fact, no setting should result in this particular behavior aside from spoofSource=true along with trimmingPolicy=2 (currently set to 'false' and '0' by default).
This breaks sites with strict hotlinking protection, such as fanfiction's cover image CDN.
Sites with more lenient hotlinking prevention (if the CDN's domain is a valid referrer) should work fine.
Expected results:
Referer should have been set to the page domain instead of the CDN domain.
Chromium works as expected; given a Referrer-Policy of 'no-referrer-when-downgrade', it sends the correct referrer in the CDN request.
Firefox's default policy for regular browsing is 'no-referrer-when-downgrade', yet has the behavior described above.
Never mind, works with fresh profile. Wonder what "default" setting isn't actually at its default?
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
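One way to answer the closing question is to scan the affected profile's `prefs.js` for referer prefs that differ from their defaults. The sketch below is an added example, not part of the bug report or Mozilla's code: the full pref names and the defaults other than spoofSource and trimmingPolicy are assumptions for Firefox 62, and the sample prefs text is constructed.

```python
import re

# spoofSource/trimmingPolicy defaults are the ones quoted in the report;
# the remaining names and defaults are assumptions for Firefox 62.
REFERER_DEFAULTS = {
    "network.http.referer.spoofSource": False,
    "network.http.referer.trimmingPolicy": 0,
    "network.http.referer.XOriginPolicy": 0,
    "network.http.referer.XOriginTrimmingPolicy": 0,
    "network.http.referer.defaultPolicy": 3,  # no-referrer-when-downgrade
    "network.http.sendRefererHeader": 2,
}
USER_PREF = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def parse_value(raw):
    """Convert a prefs.js literal (bool, int or quoted string) to Python."""
    raw = raw.strip()
    if raw in ("true", "false"):
        return raw == "true"
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    return raw.strip('"')

def referer_overrides(prefs_text):
    """Return {pref: (user_value, default_or_None)} for referer prefs
    whose user-set value differs from the known default."""
    found = {}
    for line in prefs_text.splitlines():
        m = USER_PREF.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not user_pref
        name, value = m.group(1), parse_value(m.group(2))
        if not (name.startswith("network.http.referer.")
                or name == "network.http.sendRefererHeader"):
            continue
        default = REFERER_DEFAULTS.get(name)  # None: default not in table
        if value != default:
            found[name] = (value, default)
    return found

# Constructed sample: the spoofSource/trimmingPolicy combination the
# report names as the only one that should send the CDN domain.
SAMPLE_PREFS = '''// Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("network.http.referer.spoofSource", true);
user_pref("network.http.referer.trimmingPolicy", 2);
user_pref("network.http.referer.XOriginPolicy", 0);
'''

if __name__ == "__main__":
    for name, (value, default) in sorted(referer_overrides(SAMPLE_PREFS).items()):
        print(f"{name}: user={value!r} default={default!r}")
```

Run it against the text of `prefs.js` (and `user.js`, if present) from the profile that shows the behavior; installed extensions can also rewrite the header and are not covered by this check.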