Nasty Security Bug

  • The latest build has fixed the issue with cookies and persistent sessions between tabs but I have found that Vivaldi is not correctly sending the Referer header if its even sending it. This means that if you push a send button or something else in a web app (form, link, ajax, etc) or website which opens in a new tab it cannot verify who refereed the data. For those that understand this it means correctly web coded apps will not work. They will block you and detect this as a potential hack. At least correctly coded apps will do this otherwise they are open to XSS attacks. It seems Vivaldi is not correctly sending them headers which means they are not usable with Vivaldi right now. Vivaldi should send the header referer when you click a link from one tab and it opens in a new one, or when that website is trying to open a send form or something else in a new tab.


Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.