Closed
Bug 16003
Opened 25 years ago
Closed 25 years ago
secure forms requesting "refering URL" not working
Categories
(Core :: DOM: Core & HTML, defect, P3)
Core
DOM: Core & HTML
Tracking
()
M14
People
(Reporter: holi, Assigned: gagan)
References
()
Details
When I go to http://shadnet.shad.ca, and login with my ID and password (when a
wrong password or ID is entered, you get a wrong username/pswd error, which is
normal and working right) in Mozilla, I get this error:
""""""
ShadNet -- Your refering URL is not allowed.
For security reasons, pages in ShadNet may only be linked to by other pages in
ShadNet. This is especially important when performing FORM processing.
If you are interested in more details, please contact the system administrator
[shadnetadmin@shad.ca] for more information
""""""
I'm using M10 right now, but have noticed the problem on every other previous
nightly builts and releases I used, starting from M3. I'm on Win98, but I am 99%
sure that the problem persists for every other platforms and OSs.
I won't give you my username&pswd for obvious reasons, but I asked the admin and
he made a test page that should normally show the refering URL when one is
provided. Look to: [http://dev.shad.ca/~odin/blah.html]. Netscape 4.61 will
display: "Content-Type: text/html You were referred by:
http://dev.shad.ca/~odin/blah.html" while Mozilla won't display anything.
Updated•25 years ago
|
Assignee: mwelch → warren
Comment 1•25 years ago
|
||
This is a referer bug. Reassigning to warren so that he can assign to the proper
person.
Updated•25 years ago
|
Assignee: warren → dougt
Target Milestone: M11
Comment 2•25 years ago
|
||
Doug and Gagan should handle this.
Comment 3•25 years ago
|
||
the url listed above is no longer valid.
Sorry about that, the admin did a CVS update and it nuked it. The url
[http://dev.shad.ca/~odin/blah.html] is back online now.
Seems like form submission has broken referer sending. I recall having added
that myself. So am taking over and going to investigate...
My first hunch is that we are using all lower case headers which for some
scripts is bad, even though the spec says its valid. But I am going to hold back
my comments on it till I can figure out whats going on here.
Updated•25 years ago
|
Target Milestone: M11 → M12
Comment 6•25 years ago
|
||
m12
Comment 8•25 years ago
|
||
Moving what's not done for M12 to M13.
Updated•25 years ago
|
Assignee: warren → gagan
Comment 9•25 years ago
|
||
Back to Gagan for m13.
Updated•25 years ago
|
Target Milestone: M13 → M14
Updated•25 years ago
|
Summary: [4.xP] secure forms requesting "refering URL" not working → secure forms requesting "refering URL" not working
Comment 11•25 years ago
|
||
I think this is a dup of bug 1582 - Send HTTP_REFERER value to server. Marking
as such.
*** This bug has been marked as a duplicate of 1582 ***
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → DUPLICATE
Updated•6 years ago
|
Component: HTML: Form Submission → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•