The default bug view has changed. See this FAQ.

HTTP_REFERER is not passed when href link points to other https server

VERIFIED DUPLICATE of bug 141641

Status

()

Core
Networking: HTTP
VERIFIED DUPLICATE of bug 141641
15 years ago
15 years ago

People

(Reporter: Marius Strumyla, Assigned: Darin Fisher)

Tracking

Trunk
x86
Windows NT
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

15 years ago
configuration:
server A with SSL enabled
server B with SSL enabled

server A has a testcase.html with a link:
---- code begins ----
<html>
<head>
<title>mozilla bug</title>
</head>
<body>
<a href="https://<server B>/secured.cgi">link</a><br>
</body>
</html>
---- code ends ----

server B has a secured.cgi script:
---- code begins ----
#!/bin/sh

echo Content-type: text/html
echo
echo
echo "<html><head><title>HTTP referrer</title></head><body>"
echo "<h3>HTTP_REFERER = $HTTP_REFERER</h3>"
echo "</body>"
echo "</html>"
---- code ends ----


steps to reproduce the bug:
1. point mozilla to https://<server A>/testcase.html 
2. click the link
3. mozilla loads https://<server B>/secured.cgi

expected results:
secured.cgi should display the following text
HTTP_REFERER=https://<server A>/testcase.html

actual results:
secured.cgi displays empty referrer
HTTP_REFERER=

note: in the first step, if you pointed your browser to http://<server
A>/testcase.html,
everything works as expected.

IE handles this as expected.

using build
Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.1a+) Gecko/20020703

Comment 1

15 years ago
*** Bug 157053 has been marked as a duplicate of this bug. ***
AFAIK This is no bug, this is a security feature !
dupe of bug 141641
(we will not send the full REFERER but we will send a part)


*** This bug has been marked as a duplicate of 141641 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → DUPLICATE

Comment 4

15 years ago
verified dup
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.