HTTP requests upgraded to HTTPS do not send a Referrer header (CSP upgrade-insecure-requests)
Categories: Core :: DOM: Security, defect, P3
People: Reporter: nayinain, Unassigned
References: Blocks 1 open bug
Details: Keywords: parity-chrome, Whiteboard: [domsecurity-backlog2]
Attachments: 2 files
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:103.0) Gecko/20100101 Firefox/103.0
Steps to reproduce:
- Open Web Console (Ctrl+Shift+K)
- Load https://stockpage.10jqka.com.cn/hqmini_v2.html#code=hs_002594&cw=650
- Filtering with last.js.
- Expand and view the request header details.
Actual results:
There is no Referrer.
Expected results:
Referrer header should exist.
Comment 2•2 years ago
:nayinain, if you think that's a regression, could you try to find a regression range using for example mozregression?
Comment 3•2 years ago
I bet that we calculated the referrer when it was still an http: link before it was later upgraded -- referrers aren't sent when a secure page makes a request to an http: link.
Comment 4•2 years ago
(In reply to Daniel Veditz [:dveditz] from comment #3)
> I bet that we calculated the referrer when it was still an http: link before it was later upgraded -- referrers aren't sent when a secure page makes a request to an http: link.

I think you are right. It seems we stop calculating referer info at this line.
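The ordering suspected in comment 3, as a simplified JavaScript model (an added example, not Gecko code and not taken from the bug). The `static.example` script URL is constructed because the page does not give the real one, and "potentially trustworthy" is reduced to a scheme check.

```javascript
// Simplified model of the ordering issue from comment 3; not Gecko code.
// Assumption: "potentially trustworthy" is reduced to an https:/wss: scheme check.
const isSecure = (u) => ["https:", "wss:"].includes(u.protocol);

// CSP upgrade-insecure-requests: rewrite http: -> https: and ws: -> wss:.
function upgradeInsecure(target) {
  const u = new URL(target);
  if (u.protocol === "http:") u.protocol = "https:";
  else if (u.protocol === "ws:") u.protocol = "wss:";
  return u.href;
}

// Referrer value for two policies (subset of the Referrer Policy algorithm).
// Returns null when no Referer header would be sent.
function computeReferrer(policy, page, target) {
  const from = new URL(page), to = new URL(target);
  if (isSecure(from) && !isSecure(to)) return null; // downgrade: send nothing
  from.hash = ""; from.username = ""; from.password = "";
  if (policy === "no-referrer-when-downgrade") return from.href;
  if (policy === "strict-origin-when-cross-origin")
    return from.origin === to.origin ? from.href : from.origin + "/";
  throw new Error("policy not modelled: " + policy);
}

// Ordering suspected in comment 3: referrer computed on the original http: URL,
// the URL is upgraded afterwards, and the https request goes out without a referrer.
function referrerBeforeUpgrade(policy, page, target) {
  const referrer = computeReferrer(policy, page, target);
  return { url: upgradeInsecure(target), referrer };
}

// Expected ordering: upgrade first, then compute the referrer on the final URL.
function referrerAfterUpgrade(policy, page, target) {
  const url = upgradeInsecure(target);
  return { url, referrer: computeReferrer(policy, page, url) };
}

const PAGE = "https://stockpage.10jqka.com.cn/hqmini_v2.html#code=hs_002594&cw=650";
const SCRIPT = "http://static.example/last.js"; // constructed; real host is not on the page

for (const policy of ["strict-origin-when-cross-origin", "no-referrer-when-downgrade"]) {
  console.log(policy, referrerBeforeUpgrade(policy, PAGE, SCRIPT),
              referrerAfterUpgrade(policy, PAGE, SCRIPT));
}
```

Both orderings send the request to the same https URL; only the second attaches a referrer, which is the difference the reporter observed in the request headers.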