Firefox not sending referer header while Chrome does for the website
Version: 61.0.1 64 Bit
I have a redirect from website to an IDP (Authentication provider) and back where user logs in. I need to validate the referer when user is redirected back to my page from the IDP. But what I am noticing is that I am able to read referer header when i am doing this in Google Chrome. But on FF and even on IE the referer header is not present at all.
All the urls used are https so I dont understand why referer header is absent.
Thanks in advance.
Alle svar (3)
Is the referrer completely blank, or do you only get the origin, not the path, etc.?
HTTPS => HTTP is not the only scenario where HTTP_REFERER is not sent. For example, user preferences and extensions may affect what is sent.
Did you test in a clean Firefox profile without any settings customizations or filtering add-ons? Here's a way to do that:
New Profile Test
This takes about 3 minutes, plus the time to test your site.
Inside Firefox, type or paste about:profiles in the address bar and press Enter/Return to load it.
Click the Create a New Profile button, then click Next. Assign a name like Aug2018, ignore the option to relocate the profile folder, and click the Finish button.
After creating the profile, scroll down to it and click the Set as default profile button below that profile, then scroll back up and click the Restart normally button. (There are some other buttons, but please ignore them.)
Firefox should exit and then start up using the new profile, which will just look brand new. Please ignore any tabs enticing you to connect to a Sync account or to activate extensions found on your system so we can get a clean test.
Does Firefox receive the referrer in the new profile?
When you are done with the experiment, open the about:profiles page again, click the Set as default profile button for your normal profile, then click the Restart normally button to get back to it.
Thanks for the response.
I don't get origin either. I have tested the issue in 3 different computers and could see the same behavior. Behavior on both FF and Chrome is consistent.
I noticed internal redirects from page to page on my site would bring referer header but not from the IDP. I have not tested this with any other third party sites.
Both Firefox and Chrome have a panel in their developer tools where you can review the requests/responses between the browser and websites. Firefox's is called the Network Monitor has there is a check box to Persist Logs so that you can track the back and forth among the multiple requests without starting a new log.
What I think would be interesting to check is whether both browser show the same headers, especially any related to referrer policy.
To open the Network Monitor it the lower part of the tab -- just before you start the failing process -- you can use either:
- "3-bar" menu button > Web Developer > Network
- (menu bar) Tools > Web Developer > Network
- (Windows) Ctrl+Shift+e
Then when you run through the signing, Firefox should list all the files it is requesting, along with information about whether the request was successful. When you click a request, a panel should open on the right side where you can view all of the headers sent with the request and response.