Closed Bug 1524745 Opened 6 years ago Closed 6 years ago

Shadertoy demos not working when referrer header not sent

Categories

(Core :: Graphics: CanvasWebGL, defect)

64 Branch
defect
Not set
normal

Tracking

()

RESOLVED INVALID

People

(Reporter: trass3r, Unassigned)

References

()

Details

(Keywords: parity-chrome)

User Agent: Mozilla/5.0 (Android 8.0.0; Mobile; rv:64.0) Gecko/64.0 Firefox/64.0

Steps to reproduce:

open any demo, e.g. ://www.shadertoy.com/view/wdj3Wm

Actual results:

Messagebox "Error loading shader"

Expected results:

working demo like in Chrome

Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0
20190124174741

Works for me in a brand new profile. I can reproduce it on my regular profile, which I tracked down to not allowing the referrer ID to be sent. The error message is so generic that I'm sure it could have other causes.

Component: Untriaged → Canvas: WebGL
Keywords: parity-chrome
Product: Firefox → Core

Yes indeed I usually disable the referrer. When enabling it, the page works, even on Android.
I wish that setting was a bit more sophisticated, like only sending the referrer when the domain is the same or something like that.

The shadertoy code does not seem to check it explicitly though.
Just some response variable is suddenly null.

Thank you for confirming. I'll close this since it's not a browser bug.

Below is the list of currently available referrer about:config preferences. If these don't suit your needs, look into add-ons. I personally use Referer Control though I don't know if it works on Android.

// Prefs allowing granular control of referers
// 0=don't send any, 1=send only on clicks, 2=send on image requests as well
pref("network.http.sendRefererHeader",      2);
// Set the default Referrer Policy; to be used unless overriden by the site
// 0=no-referrer, 1=same-origin, 2=strict-origin-when-cross-origin,
// 3=no-referrer-when-downgrade
pref("network.http.referer.defaultPolicy", 3);
// Set the Private Browsing Default Referrer Policy;
// to be used unless overriden by the site;
// values are identical to defaultPolicy above
pref("network.http.referer.defaultPolicy.pbmode", 2);
// false=real referer, true=spoof referer (use target URI as referer)
pref("network.http.referer.spoofSource", false);
// false=allow onion referer, true=hide onion referer (use empty referer)
pref("network.http.referer.hideOnionSource", false);
// 0=full URI, 1=scheme+host+port+path, 2=scheme+host+port
pref("network.http.referer.trimmingPolicy", 0);
// 0=full URI, 1=scheme+host+port+path, 2=scheme+host+port
pref("network.http.referer.XOriginTrimmingPolicy", 0);
// 0=always send, 1=send if base domains match, 2=send if hosts match
pref("network.http.referer.XOriginPolicy", 0);
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → INVALID
Summary: Shadertoy demos not working → Shadertoy demos not working when referrer header not sent

The relevant code is:

function loadComments()
{
var httpReq = new XMLHttpRequest();
httpReq.onload = function()
{
var jsn = httpReq.response;
updatepage( jsn );
};
httpReq.open( "POST", "/comment", true );
httpReq.responseType = "json";
httpReq.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
httpReq.send( "s=" + gShaderID );
}

jsn is null without referer.

Thanks for the info about the other prefs!
I've now set all the *Policy prefs to 2 and reset the network.http.sendRefererHeader to 2.
Works nicely.

You need to log in before you can comment on or make changes to this bug.