337766 - From a plugin, doing a post with NPN_PostURLNotify, the referer header is not sent by Firefox

Status: RESOLVED INVALID

(Core Graveyard :: Plug-ins, defect)

Description

[Jeff Mott]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3

From inside the Flash plugin I'm doing a NPN_PostURLNotify.  I'm specifying a number of headers, including referer.  All the other headers make it to the server, but referer does not.

Reproducible: Always

Steps to Reproduce:
1. Get the Flash player 9 beta
2. Go to any site that does a POST

Actual Results:  
Referer header is stripped out of the request

Expected Results:  
Referer header makes it to the server.  This works in Safari on Mac, but does not work in Firefox on Mac or Win.

Comment 1

[Christian :Biesinger (don't email me, ping me on IRC)]

OK, do you have an example URL for "go to any site that does a POST"?

Comment 2

[Jeff Mott]

Whoops, that was harder than I thought.  Try http://www.fontsforflash.com/ it does a couple of posts right off the bat.  Also the release version of player 9 is available, no need to go back and try to dig up a beta version.

Comment 3

[Jeff Mott]

No longer an issue, we don't allow referer headers to be set any more for security reasons.

Comment 9

[Vee]

But why/how this works via Opera and Internet Explorer with Flash plug-in?

Comment 10

[ip_moosa]

I dont confirm Vee's comment
thats wrong

I had checked HEADERS with IE6/7, FF2/3 and OPERA while my flash player fetchs FLV, there was no REFERRER header

Comment 12

[rui]

(In reply to comment #3)
> No longer an issue, we don't allow referer headers to be set any more for
> security reasons.

Can you explain why ?
Because the security and so the responsability are the fact of the plugin used.
In this case Firefox disables a plugin feature, and that's not it's role. 

So is this BUG being patched soon please ???