Closed Bug 1750706 Opened 3 years ago Closed 5 months ago

Links with fragments break Referer header in request

Categories

(Core :: DOM: Security, defect, P2)

Firefox 96
defect

Tracking

()

RESOLVED FIXED
124 Branch
Tracking Status
firefox124 --- fixed

People

(Reporter: scott, Assigned: maltejur)

References

Details

(Whiteboard: [necko-triaged][domsecurity-active])

Attachments

(1 file)

Following a link which contains a fragment causes the "Referer" header to be omitted when reloading the page.

Steps to replicate

(I've used python.org as an accessible example, not because this is an issue with python.org.)

  1. Open "Network" pane of developer tools
  2. Visit https://docs.python.org
  3. Select the "modules" link in the header bar
  4. Confirm that the resulting network request includes a "Referer" header, set to something like "https://docs.python.org/3/index.html"
  5. Reload the page (F5/command-R or window.location.reload();)
  6. Confirm that the network request still has the "Referer" header
  7. Select one of the alphabetical jump-links at the top of the page
    These use fragments to jump to other elements on the already-loaded page
  8. Reload the page
  9. Observe that the network request no longer contains the "Referer" header

The same issue also occurs when following a link to a new page which also contains a fragment. e.g. following a link to example.com/#foo results in an initial request that contains Referer, but the header is omitted when reloading the page.

Severity: -- → S3
Priority: -- → P2
Whiteboard: [necko-triaged]
See Also: → 1324860

I think this is coming from here:

https://searchfox.org/mozilla-central/rev/66d0e3cac02896d0249c6077742411722e6333f0/dom/security/ReferrerInfo.cpp#1260

already_AddRefed<nsIReferrerInfo> ReferrerInfo::CreateForFetch(

If I'm not mistaken, we can just compare the URIs without looking at the ref, and that would be OK?

Component: Networking: HTTP → DOM: Security

Note that aPrincipal->EqualsURI actually compares the URIs without Ref: Bug 1865119

See Also: → 1865119
Flags: needinfo?(dveditz)

Mh, maybe the ReferrerInfo::CreateForFetch() should call a comparison of URIs rather than Principals?
At least, if it wants to include the ref....

Malte, do you think you could take a look at this one?

Flags: needinfo?(mjurgens)

Sure

Assignee: nobody → mjurgens
Status: NEW → ASSIGNED
Flags: needinfo?(mjurgens)
Attachment #9376680 - Attachment description: WIP: Bug 1750706 - Copy referrer info to new session history entry during fragment navigation → Bug 1750706 - Copy referrer info to new session history entry during fragment navigation r?freddyb
Whiteboard: [necko-triaged] → [necko-triaged][domsecurity-active]
Pushed by mjurgens@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/1c2a0facd686
Copy referrer info to new session history entry during fragment navigation r=freddyb
Status: ASSIGNED → RESOLVED
Closed: 5 months ago
Resolution: --- → FIXED
Target Milestone: --- → 124 Branch
Duplicate of this bug: 1324860
Blocks: 1881533
Flags: needinfo?(dveditz)
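
The behaviour named in the fix's commit title, as an added example that is not Gecko code and not part of the original bug. It is a simplified model that assumes a reload re-issues the request with the referrer stored on the current session history entry, and that a fragment navigation creates a new entry without a network request. The class, function and option names and the docs.example URLs are constructed, referrer policy is ignored, and only the in-page jump-link steps are modelled.

```javascript
// Simplified model (assumption): each session history entry stores the
// referrer of the load that created it, and reload() reuses that value.
const stripFragment = (u) => { const c = new URL(u); c.hash = ""; return c.href; };
const headersFor = (entry) => (entry.referrer ? { Referer: entry.referrer } : {});

class SessionHistory {
  constructor({ copyReferrerOnFragmentNav }) {
    this.copyReferrer = copyReferrerOnFragmentNav; // hypothetical switch: false = before fix
    this.entries = [];
    this.index = -1;
  }
  get current() { return this.entries[this.index] ?? null; }

  // Follow a link from the current document. Returns the request headers,
  // or null when no network request is made (same-document navigation).
  navigate(target) {
    const prev = this.current;
    const url = new URL(target, prev ? prev.url : undefined);
    const sameDoc = prev !== null && url.hash !== "" &&
      stripFragment(url) === stripFragment(prev.url);
    const entry = { url: url.href, referrer: null };
    if (sameDoc) {
      // Fragment navigation: a new entry is added. Unless the referrer is
      // copied across, the entry that a later reload reads has none.
      if (this.copyReferrer) entry.referrer = prev.referrer;
    } else if (prev) {
      entry.referrer = stripFragment(prev.url); // Referer never carries a fragment
    }
    this.entries.splice(this.index + 1); // drop forward history
    this.entries.push(entry);
    this.index += 1;
    return sameDoc ? null : headersFor(entry);
  }

  reload() { return headersFor(this.current); }
}

// Steps 2 to 9 of the report against a constructed site.
function reloadHeadersAfterJumpLink(copyReferrerOnFragmentNav) {
  const h = new SessionHistory({ copyReferrerOnFragmentNav });
  h.navigate("https://docs.example/3/index.html"); // step 2
  h.navigate("py-modindex.html");                  // step 3: carries Referer
  h.navigate("#cap-a");                            // step 7: jump link
  return h.reload();                               // step 8
}
```

A server-side regression check for this bug compares the Referer header of the first load with that of the reload after a jump link; the two should match.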