Bug 76326
Opened 23 years ago
Closed 14 years ago
Restrict which pages can see HTTP referrer
Categories
(Core :: Security: CAPS, enhancement, P1)
RESOLVED
WORKSFORME
Future
People
(Reporter: markushuebner, Assigned: dveditz)
http pages shouldn't be able to see file:/// referers, but file:/// pages should be able to see file or http referers
Comment 1•23 years ago
Is there some sort of spec? Belongs in DOM 0 probably.
Interesting, but I'm not sure the spec agrees. How about CAPS settings which would allow the user to specify which transitions pass the referrer and which do not?
Assignee: asa → mstoltz
Component: Browser-General → Security: CAPS
QA Contact: doronr → ckritzer
Comment 3•23 years ago
RFC 2616, section 15.1.3: Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol. I consider file:/// a secure protocol. However, I cannot confirm this bug with 2001-04-15-20, Win NT. To test you can make up a local document linking to http://clarence.de/utilities/http.cgi (sorry, language is German, but you'll understand it). Meta bug for HTTP Referer is bug 61660.
Comment 4•23 years ago
Interesting idea, I'll look into it. Yes, we could allow the security/privacy policy to control who can see the referrer field.
Severity: normal → enhancement
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Summary: document.referrer → [RFE]Restrict which pages can see HTTP referrer
Comment 5•23 years ago
For the second part of this bug:
- Pages retrieved via HTTP cannot access file: URLs. See bug 40538.
- There is no referrer for the file: protocol. We could emulate it for JS/DOM (4.x does so), but that would be a bug on its own (low priority, IMHO).
Severity: enhancement → normal
Summary: [RFE]Restrict which pages can see HTTP referrer → document.referrer
Updated•23 years ago
Severity: normal → enhancement
Summary: document.referrer → [RFE]Restrict which pages can see HTTP referrer
Updated•23 years ago
Target Milestone: --- → mozilla1.0
Comment 6•23 years ago
Target is now 0.9.5, Priority P1.
Priority: -- → P1
Target Milestone: mozilla1.0 → mozilla0.9.5
Comment 7•23 years ago
time marches on...retargeting to 0.9.6
Target Milestone: mozilla0.9.5 → mozilla0.9.6
Updated•23 years ago
Target Milestone: mozilla0.9.6 → mozilla1.0
Updated•23 years ago (Reporter)
Keywords: mozilla1.0
Comment 8•23 years ago
Bugs targeted at mozilla1.0 without the mozilla1.0 keyword moved to mozilla1.0.1 (you can query for this string to delete spam or retrieve the list of bugs I've moved)
Target Milestone: mozilla1.0 → mozilla1.0.1
I believe there's also a thing named "e-mail (from:)" which could supply your POP3 e-mail program's information to the site. Dunno if it's e-mail address, sender nick or which information. Anyway, as I see it, a restricting function for this would be even more urgent.
Updated•23 years ago (Reporter)
Keywords: mozilla0.9.9
Updated•22 years ago (Reporter)
OS: Windows 2000 → All
Hardware: PC → All
Updated•22 years ago
Target Milestone: mozilla1.0.1 → Future
Comment 10•22 years ago (Reporter)
This bug has been around for quite a long time now - any chance to get this in soon?
Keywords: mozilla1.2
Summary: [RFE]Restrict which pages can see HTTP referrer → Restrict which pages can see HTTP referrer
Comment 11•22 years ago (Reporter)
Really think this one would need some attention now after such a long time passing by.
Keywords: mozilla0.9.9, mozilla1.0, mozilla1.2
Updated•18 years ago (Assignee)
Assignee: security-bugs → dveditz
Status: ASSIGNED → NEW
QA Contact: ckritzer → caps
Comment 12•14 years ago (Assignee)
WFM, http: pages do not see file:/// referrers. This got fixed somewhere along the way in another bug.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → WORKSFORME
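Comment 3 describes checking this by linking from a local document to an HTTP page, and comment 12 reports that http: pages do not see file:/// referrers. A loopback-only echo endpoint for repeating that check is sketched below as an added example; it is not part of the bug thread or of Mozilla's code, and the names `classify_referer`, `start_server`, `probe` and port 8000 are assumptions.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit


def classify_referer(value):
    """Return 'absent', 'leaks-local' or 'remote' for a Referer header value."""
    if not value:
        return "absent"
    scheme = urlsplit(value.strip()).scheme.lower()
    # A file: referrer exposes local paths (user name, directory layout).
    return "leaks-local" if scheme == "file" else "remote"


class EchoHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        referer = self.headers.get("Referer")
        body = f"Referer: {referer!r}\nverdict: {classify_referer(referer)}\n"
        data = body.encode("utf-8")
        self.send_response(200)
        self.send_header("Content-Type", "text/plain; charset=utf-8")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, fmt, *args):  # keep the console quiet
        pass


def start_server(port=0):
    """Bind to loopback only; port 0 lets the OS pick a free port."""
    server = HTTPServer(("127.0.0.1", port), EchoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def probe(port, referer=None):
    """Self-check: request the endpoint with a caller-supplied Referer value."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/", headers={"Referer": referer} if referer else {})
    text = conn.getresponse().read().decode("utf-8")
    conn.close()
    return text


if __name__ == "__main__":
    start_server(8000)
    print("Link to http://127.0.0.1:8000/ from a local file:/// page and follow it.")
    threading.Event().wait()  # serve until interrupted
```

Following the link from a local page in a browser that behaves as comment 12 describes should show `verdict: absent`.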