Firefox does not set the referer header on GET requests

RESOLVED INCOMPLETE

Status

()

RESOLVED INCOMPLETE
9 years ago
8 years ago

People

(Reporter: andy.rivas, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [CLOSEME 2011-1-30])

(Reporter)

Description

9 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)

We have found that with FF, the browser does not set the Referer header on GET requests.
IE and Safari do this automotically.  As a result, you cannot support the referer header being set on any GET request from FF.

Note: POST with FF does set the referer header.


Reproducible: Always
Can you post HTTP session logs from something like Live HTTP Headers?

Comment 2

9 years ago
- This should work for a normal GET request.
- For a http-request coming from a https (SSL) page, or from one SSL site to another, it's removed for security reasons.
- For a GET request launched from a plugin (which tries to set a referer manually), it's bug 410904.
- For a GET request from a plugin (loading an image), it's bug 337766.
Reporter, are you still seeing this issue with Firefox 3.6.13 or later in safe mode? If not, please close. These links can help you in your testing.
http://support.mozilla.com/kb/Safe+Mode
http://support.mozilla.com/kb/Managing+profiles

You can also try to reproduce in Firefox 4 Beta 8 or later, there are many improvements in the new version, http://www.mozilla.com/en-US/firefox/all-beta.html
Whiteboard: [CLOSEME 2011-1-30]
No reply, INCOMPLETE. Please retest with Firefox 3.6.13 or later and a new profile (http://support.mozilla.com/kb/Managing+profiles). If you continue to see this issue with the newest firefox and a new profile, then please comment on this bug.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.