It does not look like a core function... what is the use case? For me, firing thousands of requests to external sites, it makes no sense, as this is incorrect... there shouldn't be any referer...

<?php
'Referer' => $base_root . request_uri(),
?>

Comments

hass’s picture

Category: support » bug

I'm not able to unset the referer. I tried NULL, and ''. Header is still added.

hass’s picture

Title: Why is referer with local urls added automatically? » Remove invalid referrer
Status: Active » Needs review
Attached file: status new, size 662 bytes

If a module needs a referrer (I do not know why), it can set it, but don't set a wrong referrer by default that cannot be overridden.

Patch attached.

mikeytown2’s picture

Having the referrer is pretty nice from my point of view. I got to run (will be back tomorrow), but I'm thinking the default is that the referrer is not sent (referrer == FALSE); if referrer == TRUE, use the current page; if referrer is a string, then use the string.

mikeytown2’s picture

Status: Needs review » Needs work

hass’s picture

But it's a server process... not an interactive user browsing a page. This is not what the referrer was made for... It will confuse other people... It may be useful for edge cases to fake a referrer... But these are rare exceptions. Sending an admin path as referrer can lead to security issues (information disclosure)! The same may happen if we are sending out the cron URL with the authentication hashes... :-(((

mikeytown2’s picture

Status: Needs work » Needs review
Attached file: status new, size 1.37 KB

Something like this is what I was thinking.

mikeytown2’s picture

Status: Needs review » Fixed

Committed to 6.x & 7.x

hass’s picture

Status: Fixed » Needs work

Well, I understood this, but it is very limiting. I'm now not able to set a custom referrer... Maybe I need to fake a specific referrer.

hass’s picture

There is a typo "Referer", isn't it?

mikeytown2’s picture

Status: Needs work » Fixed

Referer is "correct" http://en.wikipedia.org/wiki/HTTP_referer
If you set the Referer in the header it will use that value.
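
The behaviour discussed in this thread (no Referer by default, TRUE for the current page, a string for a custom value, and an explicit Referer header taking precedence), as an added example that is not part of the thread and not the module's committed code; the function name `example_resolve_referer()` and the sample URLs are hypothetical:

```php
<?php
// Added example: hypothetical helper, not the module's code.

/**
 * Decide which Referer header, if any, an outgoing server-side request sends.
 *
 * @param array  $headers     Headers supplied by the caller.
 * @param mixed  $referrer    FALSE: none; TRUE: current page; string: that value.
 * @param string $current_url URL of the page being served (assumed input).
 * @return array Headers to send.
 */
function example_resolve_referer(array $headers, $referrer, $current_url) {
  // A Referer the caller set explicitly is used as given.
  foreach (array_keys($headers) as $name) {
    if (strcasecmp($name, 'Referer') === 0) {
      return $headers;
    }
  }
  if ($referrer === TRUE) {
    $headers['Referer'] = $current_url;
  }
  elseif (is_string($referrer) && $referrer !== '') {
    $headers['Referer'] = $referrer;
  }
  // FALSE, NULL and '' fall through: no Referer header is added.
  return $headers;
}

// Constructed sample: the request is fired while cron runs with a secret key.
$current = 'https://example.com/cron.php?cron_key=CONSTRUCTED_SECRET';

$cases = array(
  'default (FALSE)' => array(array(), FALSE),
  'opt-in (TRUE)'   => array(array(), TRUE),
  'custom string'   => array(array(), 'https://example.com/'),
  'explicit header' => array(array('referer' => 'https://example.org/x'), TRUE),
);
foreach ($cases as $label => $case) {
  list($headers, $referrer) = $case;
  $out = example_resolve_referer($headers, $referrer, $current);
  echo $label, ': ', json_encode($out), "\n";
}
```

Only the opt-in TRUE case places the cron URL and its key in the outgoing request, which is the disclosure path raised earlier in the thread.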

hass’s picture

Should we make it consistent - wrong? :-)

mikeytown2’s picture

In JS it is referrer: http://www.w3schools.com/jsref/prop_doc_referrer.asp. There is no consistent way, so I'll go with the correct spelling in my API and use "Referer" in the header.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.