No Full Referer info
-
After last update to 3.7.2218.45 (Stable channel) (64 bit)
The same problem in Linux -
It send host url only.
-
How are you testing this exactly?
-
$_SERVER['HTTP_REFERER'] on target page.
https://en.wikipedia.org/wiki/HTTP_referer
Test it here: https://whatsmyreferer.com/ in variuos browsers. -
-
@defs Yes, I tried that one now, and I'd used the www variant of it earlier, but I get the same results with the current version and the last one.
Clicked from here, the result is:
https://forum.vivaldi.netIs that the host you're referring to? Chrome has the same result.
-
Referer policy โ it's about how initial website share refer.
Vivaldi site don't share, so clicking here on the link above โ is always show host only.
BUT VIVALDI BROWSER NOW TREAT ANY SITE LIKE THIS
It ignore Referrer-policy โ it is the problem.
I use inner-company software, that consider referer page โ Vivaldi browser now is the only browser, where we can't work, because of referer error.
Now we are urgently removing Vivaldi for all employees. I was that man who adviced this choice of browser and now I'm anti-hero Any other browser is OK, as we found out. -
@defs What
referrer-policy
does your internal company software set? Does it set it in server headers or in the html?The policy of
strict-origin-when-cross-origin
is now the default used in Chromium, Chrome, Vivaldi when no policy is set by the server/page. It will be in Firefox 87 and probably next version of Opera.In a short time all browsers will behave the same way.
Before making bold claims about Vivaldi "treating any site like this" make sure to read and understand the specification.
-
Thanks for the explanation!
But, in the absence of an announcement of this change, unfortunately, we had to massively abandon Vivaldi in favor of FF until the IT specialists figured out the policy. This turned out to be a working solution that everyone understands. -
@defs Firefox 87 will be out next week and have the exact same change to referrer-policy default.
-
Thanks a lot, so we have a week
-
@defs You have four days
https://wiki.mozilla.org/Release_Management/Calendar -
Using Trace extension, in advanced setting you can block Http referer and Google headers
-
@Pathduck At this point the company should get rid of their IT โspecialistsโ and start paying you instead. Iโd stop providing support until they switch back to Vivaldi at least :p
-
@luetage the world is based on people like you )) it's so bad when people help each other on the forums, right? if this happens everywhere (mutual assistance) then where will we go. From afar I feel how kind and good you are )))
I donโt know how yet, but we have already dealt with the problem. It works for me on Vivaldi. I will definitely find out and write a solution here. Because I'm not as kind as you -
@defs Calm down mate, I provide plenty support on the forum.
-
In order for target site to see the referring page,
Linking site must have header "Referrer-Policy" set to "unsafe-url"
.htaccess:
Header always set Referrer-Policy "unsafe-url" -
@defs Yes, Vivaldi respects
unsafe-url
.Example: https://www.w3schools.com/code/tryit.asp?filename=GOPLCG1IKWFX
-
@Gwen-Dragon said in Very Big Problem: No Full Referer info:
@luetage said in Very Big Problem: No Full Referer info:
company should get rid of their IT โspecialistsโ
Yes, and they should hire professional IT people.
๐งฏ
-
@Gwen-Dragon I think the main lesson learned here should be that developers should never rely on the HTTP
referer
header for anything else than just basic statistics on where traffic is coming from and to keep tab of internal broken links.One would think that in an internal web application all requests should be same-origin anyway, but of course if they use different hosts/ports or even change between http/https they have a problem.
I am however not of the opinion that developers and operators should constantly monitor the w3c and browser spec processes, not everyone has the time to do that. They should simply try not to use stuff for purposes they were never intended to be used for, so it doesn't break down the line. KISS.
-