Closed
Bug 16442
Opened 25 years ago
Closed 25 years ago
REFERER shows the local hard drive location of the page you came from
Categories
(Core :: Networking, defect, P3)
Tracking
()
VERIFIED
FIXED
M14
People
(Reporter: hrenault, Assigned: gagan)
Details
(Whiteboard: [pdt+] eta: 2/9/00)
version = CVS check out on 1999-10-13
when you have a local page containing a link, hit the link : mozilla transmits
the location of the local page to the server :
test made with /tmp/atest.html that contains <a href="http://localhost/">cliquer
ici</a>
with Mozilla the server log shows :
"GET / HTTP/1.0" 200 1815 "file:///tmp/atest.html" "Mozilla/5.0 [fr-FR] (LINUX;
I)"
with Nav4.x the server log shows :
"GET / HTTP/1.0" 200 1815 "-" "Mozilla/4.61 [en] (X11; I; Linux 2.2.10 i686)"
it may be a security a security hole, because it reveals info about the
structure of your filesystem.
Reporter | ||
Comment 2•25 years ago
|
||
hi, i've played a bit with gdb and i just would like to know if i've undestood
roughly what is going on :
in nsWebShell.cpp:HandleLinkClickEvent you have
(void)shell->LoadURL(aURLSpec, aPostDataStream,
PR_TRUE, nsIChannel::LOAD_NORMAL,
0, nsnull, str);
would it be correct to say something like
(void)shell->LoadURL(aURLSpec, aPostDataStream,
PR_TRUE, nsIChannel::LOAD_NORMAL,
0, nsnull, ( <<aURLSpec is not http:>> ? "-" : str ));
if you see what i mean (i hope this is not too awful, it's just a try ;)
best regards
Reporter | ||
Comment 3•25 years ago
|
||
sorry, this should be better :
(void)shell->LoadURL(aURLSpec, aPostDataStream,
PR_TRUE, nsIChannel::LOAD_NORMAL,
0, nsnull, ( <<str begins with http://>> ? str : "-" ));
thanks for your valuable investigation. Bug reports like these really help us
track and fix bugs faster. Marking for M12.
Updated•25 years ago
|
Assignee: warren → rpotts
Comment 6•25 years ago
|
||
Rick, Were you working on Referrer stuff? Can you own this one?
Updated•25 years ago
|
Target Milestone: M12 → M14
Bulk move of all Necko (to be deleted component) bugs to new Networking
component.
Comment 8•25 years ago
|
||
Moving Rick's M14 bugs to M13 (since he won't be here for M14). He can triage
them to M15 as appropriate.
Updated•25 years ago
|
Assignee: rpotts → warren
Comment 9•25 years ago
|
||
I'll take this. We want to add a GetURLAsReferrer method to nsIChannel.
Updated•25 years ago
|
Assignee: warren → gagan
Target Milestone: M13 → M14
Comment 10•25 years ago
|
||
I don't see where we're sending the referrer at all right now.
And file: seems to be broken now too. I'm waiting on Doug's nsIFile branch to
see if file: gets fixed -- then I can go from a file: to an http: URL to see if
a file: referrer ends up in the request.
Finally, I've rethough adding a GetURLAsReferrer and I don't think that's the
right thing to do. I think the right thing is for the referrer to be passed to
AsyncRead (as a nsIURI or nsIChannel), and the http protocol will QI it to see
if it's http:. If not, it won't send it as a referrer.
Reassigning to Gagan for m14, or until we can get the referrer header in the
request.
Updated•25 years ago
|
Whiteboard: [pdt+]
Assignee | ||
Comment 11•25 years ago
|
||
I don't see much of Referer header being used either but I have added the check
that it should only be http. will check it in tonite.
Status: NEW → ASSIGNED
Whiteboard: [pdt+] → [pdt+] eta: 16442
Assignee | ||
Comment 12•25 years ago
|
||
oops... updating eta to the date and not the bug number :)
Whiteboard: [pdt+] eta: 16442 → [pdt+] eta: 2/9/00
Assignee | ||
Comment 13•25 years ago
|
||
fix checked in.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Comment 14•25 years ago
|
||
verified:
NT 2000021408
hrenault, this should be gone on Linux but if you still see it
please re-open
Status: RESOLVED → VERIFIED
Comment 15•25 years ago
|
||
it's ok on Linux 2000-02-14-16-M14 binary.
thanks.
You need to log in
before you can comment on or make changes to this bug.
Description
•