Closed Bug 337766 Opened 14 years ago Closed 13 years ago
From a plugin, doing a post with NPN_PostURLNotify, the referer header is not sent by Firefox
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:188.8.131.52) Gecko/20060426 Firefox/184.108.40.206
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:220.127.116.11) Gecko/20060426 Firefox/18.104.22.168

From inside the Flash plugin I'm doing a NPN_PostURLNotify. I'm specifying a number of headers, including referer. All the other headers make it to the server, but referer does not.

Reproducible: Always

Steps to Reproduce:
1. Get the Flash player 9 beta
2. Go to any site that does a POST

Actual Results:
Referer header is stripped out of the request

Expected Results:
Referer header makes it to the server.

This works in Safari on Mac, but does not work in Firefox on Mac or Win.
Component: General → Plug-ins
Product: Firefox → Core
QA Contact: general → plugins
Version: unspecified → Trunk
OK, do you have an example URL for "go to any site that does a POST"?
Whoops, that was harder than I thought. Try http://www.fontsforflash.com/ it does a couple of posts right off the bat. Also the release version of player 9 is available, no need to go back and try to dig up a beta version.
No longer an issue, we don't allow referer headers to be set any more for security reasons.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID
But why/how does this work via Opera and Internet Explorer with Flash plug-in?
I don't confirm Vee's comment, that's wrong. I had checked HEADERS with IE6/7, FF2/3 and OPERA while my Flash player fetches FLV; there was no REFERRER header.
(In reply to comment #3)
> No longer an issue, we don't allow referer headers to be set any more for
> security reasons.

Can you explain why? Because the security and so the responsibility are the fact of the plugin used. In this case Firefox disables a plugin feature, and that's not its role. So is this BUG being patched soon please ???