Firefox has an annoying bug you may have come across while working with Flash applications and websites: When you make a request for a file from a swf, Firefox doesn’t send a referer. I’ve set up a test page to show the problem.
If you visit this page in Firefox and click the “push me” button, you will see simply “Ref is:” but no other text. If you visit in with any other browser, you’ll see:
“Ref is: [http://dev.deconcept.com/referer_tester/]”.
The problem is that Firefox doesn’t properly append the referer header to requests made from swfs embedded on the page. Every other browser I’ve tested sends a referer.
How you can help:
Visit the bug page for this issue and “vote” for the bug. DO NOT ADD A COMMENT SAYING SOMETHING LIKE “Yes please fix this bug!”. This will only annoy the developers. Simply “voting” for the bug is enough. You vote for the bug by clicking the “vote” link on the top right side of the page, and putting a check in the box next to the bug and clicking the “Change my votes” on the subsequent page.
We do really love Mozilla but it really needs to be rewieved again. Sometimes I miss my IE :(
RFC 2616 states that the Referer header field “allows the client to specify, for the server’s benefit, the address […].” I doubt you can get much more optional than that. The real breakage, as far as I’m concerned, is that browsers still send it by default. As long as they do, you will have to choose between neglecting data prevention and no longer using the broken websites that rely on it.
According to some of the comments it works with POST but not GET. Anyway I tried to vote but no vote button.
I doubt you can get much more optional than that. The real breakage, as far as I’m concerned, is that browsers still send it by default
I agree that this is a major bug. It has been causing problems and security issues on our application for many years now. I have no idea why the firefox developers have not fixed it yet.
Could someone tell me if Firefox 3 has made any improvements regarding this?
I agree this is a non-bug.
No site should rely on a referer.
Beside, Gnash doesn’t use the browser sockets
at all, and intentionally doesn’t send a referer,
so I hope youtube will never rely on that!