https://bugzilla.wikimedia.org/show_bug.cgi?id=41265

       Web browser: ---
             Bug #: 41265
           Summary: HTTP referer is sent from secure connection
           Product: MediaWiki
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: Unprioritized
         Component: General/Unknown
        AssignedTo: [email protected]
        ReportedBy: [email protected]
    Classification: Unclassified
   Mobile Platform: ---


When on a secure wiki page (SSL), such as 
http://en.wikipedia.org/wiki/File:Vulpicida_canadensis_44260.jpg

and you click a non-secure (http not https) link, such as
http://www.mushroomobserver.org/image/show_image/44260

the referer is sent. This is against RFC 2616. No referer should be sent.

Per RFC 2616 § 15.1.3 (http://tools.ietf.org/html/rfc2616#section-15.1.3):

   Clients SHOULD NOT include a Referer header field in a (non-secure)
   HTTP request if the referring page was transferred with a secure
   protocol.

General http referer info: http://en.wikipedia.org/wiki/HTTP_referer
