Closed Bug 234736 Opened 21 years ago Closed 21 years ago

javascript:window.location reassignment creates bogus referrer

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
x86
Windows 98
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 122668

People

(Reporter: persist1, Assigned: bugzilla)

Details

User-Agent: Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.6) Gecko/20040206 Firefox/0.8 When reassigning window.location via the Location bar or a bookmarklet, the page in the browser window at the time the reassignment occurred is shown in the access log as the referrer. Discovery of the issue was as follows: I have a bookmarklet that allows me to provide a timestamp for a single archived entry in my blog to the end of requesting that single entry. I used it while a friend's site was loaded into that tab, and the friend's site was shown as the referrer. I was then able to reproduce the problem simply by putting JavaScript in the Location bar as described in the Actual Results. Reproducible: Always Steps to Reproduce: 1. Create a bookmarklet that reassigns window.location, or reassign it manually from the Location bar. 2. Look up the visit in your serverlogs. Actual Results: In one instance, when typing "javascript:window.location = 'http://www.io.com/persist1/log.php'" into the Location bar while http://badpoetry.net/katie/ was already loaded into the browser window: 4.13.31.137 - - [17/Feb/2004:23:25:27 -0600] "GET /persist1/log.php HTTP/1.1" 200 5182 "http://badpoetry.net/katie/" "Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.6) Gecko/20040206 Firefox/0.8" I run TabBrowser Extensions, and closed all of my tabs before reproducing the problem again. Expected Results: ...Left empty the referrer field of the access log entry. AFAIK, page requests generated via JavaScript window.location reassignment or window object method invocation never create referrers; at least this has been the S.O.P. since 1996 without regard to who publishes the software... While I can see the benefit to providing a referrer in the event that INLINE CODE generated the page request (thus preventing anonymous referrals), doing the same in the event that the code was stored locally outside of the cache (e.g. in chrome or a bookmarklet) could be understood to be an egregious (if inadvertent) violation of user privacy.
*** This bug has been marked as a duplicate of 122668 ***
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.