151438 - Dragging a link does not send referer

Status: NEW

(Core :: DOM: Copy & Paste and Drag & Drop, defect, P5)

Description

[Jesse Ruderman]

1. Load http://nastyarea.bigfast.net/te277/.
2. Drag one of the image links into another Mozilla window.

No referer is sent, so the link gives a 403-forbidden error.

Comment 1

[Terri Preston]

qa contact -> pmac

Comment 2

[Brant Gurganus]

By the definitions on <http://bugzilla.mozilla.org/bug_status.html#severity> and
<http://bugzilla.mozilla.org/enter_bug.cgi?format=guided>, crashing and dataloss
bugs are of critical or possibly higher severity.  Only changing open bugs to
minimize unnecessary spam.  Keywords to trigger this would be crash, topcrash,
topcrash+, zt4newcrash, dataloss.

Comment 3

[Jesse Ruderman]

Dragging a link (e.g. to about:config) also fails to check whether the page is
allowed to link to the URL.

Comment 4

[Sven Neuhaus]

Brant, care to explain why this bug is marked critical?
I don't even think the "dataloss" keyword is justified.
Relying on HTTP_REFERER for authentication (as suggested by Jesse) is a Bad Idea.

Btw, the example URL now redirects to a hardcore site. Is it supposed to?

Comment 5

[Jesse Ruderman]

The original URL was a porn site.  It is now gone.  Try a link to
http://www.delorie.com:81/some/url.html instead.

Not dataloss, so not critical.

By the way, I didn't suggest using referer, nor do porn sites use the referer to
authenticate users.  Porn sites use the referer to make sure other sites don't
embed their images.

Comment 7

[eyal gruss]

dragging is a shortcut for copy-paste-go so expect the behavior to be the same

Comment 8

[Jens Stutte [:jstutte]]

Bulk-downgrade of unassigned, >=5 years untouched DOM/Storage bugs' priority and severity.

If you have reason to believe this is wrong, please write a comment and ni :jstutte.