Closed Bug 283619 Opened 19 years ago Closed 19 years ago

JavaScript redirection contains the HTTP referer

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 242656

People

(Reporter: luke, Assigned: bugzilla)

References

(
URL
)

Details

(Keywords: privacy) 

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050223 Firefox/1.0.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050223 Firefox/1.0.1

Lots of sites use Javascript onclick and "javascript:" targets to navigate a
user to a new page without passing referer information (due to privacy,
security, etc).  If you view the testcase in Firefox (1.0.1 and the latest
nightly) you can see that the browser sends a "Referer:" header to the page
being redirected to, even if the redirection is made from Javascript.

Other browsers do not pass this information.

Reproducible: Always

Steps to Reproduce:
1. Navigate to test URL
2. Click the link to be redirected using a Javascript "document.location" call
3. Note that the full original URL is listed on the target page

Actual Results:  
Firefox passed a Referer header.

Expected Results:  
The Referer header should not have been included in an HTTP request triggered
from Javscript.
Keywords: privacy
Reporter, please read bug 242656, which was already set to INVALID

*** This bug has been marked as a duplicate of 242656 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.