517352 - Firefox does not set the referer header on GET requests

Status: RESOLVED INCOMPLETE

(Firefox :: General, defect)

Description

[Andy Rivas]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)

We have found that with FF, the browser does not set the Referer header on GET requests.
IE and Safari do this automotically.  As a result, you cannot support the referer header being set on any GET request from FF.

Note: POST with FF does set the referer header.


Reproducible: Always

Comment 1

[Kyle Huey (Exited; not receiving bugmail, old account, do not use)]

Can you post HTTP session logs from something like Live HTTP Headers?

Comment 2

[Jo Hermans]

- This should work for a normal GET request.
- For a http-request coming from a https (SSL) page, or from one SSL site to another, it's removed for security reasons.
- For a GET request launched from a plugin (which tries to set a referer manually), it's bug 410904.
- For a GET request from a plugin (loading an image), it's bug 337766.

Comment 3

[Tyler Downer [He/Him]]

Reporter, are you still seeing this issue with Firefox 3.6.13 or later in safe mode? If not, please close. These links can help you in your testing.
http://support.mozilla.com/kb/Safe+Mode
http://support.mozilla.com/kb/Managing+profiles

You can also try to reproduce in Firefox 4 Beta 8 or later, there are many improvements in the new version, http://www.mozilla.com/en-US/firefox/all-beta.html

Comment 4

[Tyler Downer [He/Him]]

No reply, INCOMPLETE. Please retest with Firefox 3.6.13 or later and a new profile (http://support.mozilla.com/kb/Managing+profiles). If you continue to see this issue with the newest firefox and a new profile, then please comment on this bug.