configuration: server A with SSL enabled server B with SSL enabled server A has a testcase.html with a link: ---- code begins ---- <html> <head> <title>mozilla bug</title> </head> <body> <a href="https://<server B>/secured.cgi">link</a><br> </body> </html> ---- code ends ---- server B has a secured.cgi script: ---- code begins ---- #!/bin/sh echo Content-type: text/html echo echo echo "<html><head><title>HTTP referrer</title></head><body>" echo "<h3>HTTP_REFERER = $HTTP_REFERER</h3>" echo "</body>" echo "</html>" ---- code ends ---- steps to reproduce the bug: 1. point mozilla to https://<server A>/testcase.html 2. click the link 3. mozilla loads https://<server B>/secured.cgi expected results: secured.cgi should display the following text HTTP_REFERER=https://<server A>/testcase.html actual results: secured.cgi displays empty referrer HTTP_REFERER= note: in the first step, if you pointed your browser to http://<server A>/testcase.html, everything works as expected. IE handles this as expected. using build Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.1a+) Gecko/20020703
*** Bug 157053 has been marked as a duplicate of this bug. ***
AFAIK This is no bug, this is a security feature !
dupe of bug 141641 (we will not send the full REFERER but we will send a part) *** This bug has been marked as a duplicate of 141641 ***