Closed Bug 337766 Opened 14 years ago Closed 13 years ago

From a plugin, doing a post with NPN_PostURLNotify, the referer header is not sent by Firefox

Categories

(Core :: Plug-ins, defect)

defect
Not set

Tracking

()

RESOLVED INVALID

People

(Reporter: jmott, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3

From inside the Flash plugin I'm doing a NPN_PostURLNotify.  I'm specifying a number of headers, including referer.  All the other headers make it to the server, but referer does not.

Reproducible: Always

Steps to Reproduce:
1. Get the Flash player 9 beta
2. Go to any site that does a POST

Actual Results:  
Referer header is stripped out of the request

Expected Results:  
Referer header makes it to the server.  This works in Safari on Mac, but does not work in Firefox on Mac or Win.
URL: any
Component: General → Plug-ins
Product: Firefox → Core
QA Contact: general → plugins
Version: unspecified → Trunk
OK, do you have an example URL for "go to any site that does a POST"?
Whoops, that was harder than I thought.  Try http://www.fontsforflash.com/ it does a couple of posts right off the bat.  Also the release version of player 9 is available, no need to go back and try to dig up a beta version.
No longer an issue, we don't allow referer headers to be set any more for security reasons.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID
Duplicate of this bug: 409119
Duplicate of this bug: 410904
Duplicate of this bug: 410904
Duplicate of this bug: 410904
Duplicate of this bug: 410904
But why/how this works via Opera and Internet Explorer with Flash plug-in?
I dont confirm Vee's comment
thats wrong

I had checked HEADERS with IE6/7, FF2/3 and OPERA while my flash player fetchs FLV, there was no REFERRER header
Duplicate of this bug: 480195
(In reply to comment #3)
> No longer an issue, we don't allow referer headers to be set any more for
> security reasons.

Can you explain why ?
Because the security and so the responsability are the fact of the plugin used.
In this case Firefox disables a plugin feature, and that's not it's role. 

So is this BUG being patched soon please ???
You need to log in before you can comment on or make changes to this bug.