Opened 2 years ago
Closed 2 years ago
#1487806 closed Bugs (fixed)
Enabling security option "referer_check" causes Internet Explorer to fail
| Reported by: | duelli | Owned by: | |
|---|---|---|---|
| Priority: | 5 | Milestone: | 0.6-beta |
| Component: | Core functionality | Version: | 0.5.1 |
| Severity: | normal | Keywords: | |
| Cc: |
Description
When enabling "check_referer" option in Internet Explorer 8 causes a security warning saying "Please contact your server-admin" whenever
- creating mail
- answering mail
- on logout
Change History (3)
comment:1 Changed 2 years ago by duelli
- Summary changed from Enabling security option "check_referer" causes Internet Explorer to fail to Enabling security option "referer_check" causes Internet Explorer to fail
comment:2 Changed 2 years ago by thomasb
- Component changed from Addressbook to Core functionality
comment:3 Changed 2 years ago by thomasb
- Milestone changed from later to 0.6-beta
- Resolution set to fixed
- Status changed from new to closed
Fixed in [d7167e9e]
Note: See
TracTickets for help on using
tickets.
That's why it was made optional. You should even consider it experimental. Referer checking isn't reliable and browsers can refuse to send referers for example when they're in private browsing mode. And IE doesn't send referers when the link is opened with JavaScript? location.href = . http://webbugtrack.blogspot.com/2008/11/bug-421-ie-fails-to-pass-http-referer.html We'll try to implement the proposed workaround with creating a real dom link.