HTTP_REFERER is not passed when href link points to other https server

VERIFIED DUPLICATE of bug 141641

Status

()

defect
VERIFIED DUPLICATE of bug 141641
17 years ago
17 years ago

People

(Reporter: mstrumyla, Assigned: darin.moz)

Tracking

Trunk
x86
Windows NT
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

17 years ago
configuration:
server A with SSL enabled
server B with SSL enabled

server A has a testcase.html with a link:
---- code begins ----
<html>
<head>
<title>mozilla bug</title>
</head>
<body>
<a href="https://<server B>/secured.cgi">link</a><br>
</body>
</html>
---- code ends ----

server B has a secured.cgi script:
---- code begins ----
#!/bin/sh

echo Content-type: text/html
echo
echo
echo "<html><head><title>HTTP referrer</title></head><body>"
echo "<h3>HTTP_REFERER = $HTTP_REFERER</h3>"
echo "</body>"
echo "</html>"
---- code ends ----


steps to reproduce the bug:
1. point mozilla to https://<server A>/testcase.html 
2. click the link
3. mozilla loads https://<server B>/secured.cgi

expected results:
secured.cgi should display the following text
HTTP_REFERER=https://<server A>/testcase.html

actual results:
secured.cgi displays empty referrer
HTTP_REFERER=

note: in the first step, if you pointed your browser to http://<server
A>/testcase.html,
everything works as expected.

IE handles this as expected.

using build
Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.1a+) Gecko/20020703

Comment 1

17 years ago
*** Bug 157053 has been marked as a duplicate of this bug. ***
AFAIK This is no bug, this is a security feature !
dupe of bug 141641
(we will not send the full REFERER but we will send a part)


*** This bug has been marked as a duplicate of 141641 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → DUPLICATE

Comment 4

17 years ago
verified dup
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.