Important Notice: We're experiencing email notification issues. If you've posted a question in the community forums recently, please check your profile manually for responses while we're working to fix this.

On Monday the 3rd of March, around 5pm UTC (9am PT) users may experience a brief period of downtime while one of our underlying services is under maintenance.

Avatar for Username

সহায়তা খুঁজুন

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

আরও জানুন

network.http.referer.disallowCrossSiteRelaxingDefault not working

reliancesaransh
reliancesaransh
more options

a website im using is trin to call an api with referer header and policy of "origin-when-cross-origin", but firefox overides it to "Same Origin Policy" with console msg: Referrer Policy: Less restricted policies, including ‘no-referrer-when-downgrade’, ‘origin-when-cross-origin’ and ‘unsafe-url’, will be ignored soon for the cross-site request

After a lot of search, i found that network.http.referer.disallowCrossSiteRelaxingDefault config setting should be set to false to allow any policy, but toggling between false or true has no affect. The request still fails with a cors error "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at..."

Is there a way to make this work? Or a way to allow the request to have this referer policy.

a website im using is trin to call an api with referer header and policy of "origin-when-cross-origin", but firefox overides it to "Same Origin Policy" with console msg: Referrer Policy: Less restricted policies, including ‘no-referrer-when-downgrade’, ‘origin-when-cross-origin’ and ‘unsafe-url’, will be ignored soon for the cross-site request After a lot of search, i found that network.http.referer.disallowCrossSiteRelaxingDefault config setting should be set to false to allow any policy, but toggling between false or true has no affect. The request still fails with a cors error "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at..." Is there a way to make this work? Or a way to allow the request to have this referer policy.

All Replies (1)

jscher2000 - Support Volunteer
jscher2000 - Support Volunteer
  • Top 10 Contributor
more options

Hmm, the way I read this --

reliancesaransh said
console msg: Referrer Policy: Less restricted policies, including ‘no-referrer-when-downgrade’, ‘origin-when-cross-origin’ and ‘unsafe-url’, will be ignored soon for the cross-site request

-- it is a warning about a change coming in the future, and not what just happened in real time.

When I briefly consult the source code, you should only see the warning when the preference relevant for the context (regular window or private window) is set to false:

  • network.http.referer.disallowCrossSiteRelaxingDefault
  • network.http.referer.disallowCrossSiteRelaxingDefault.pbmode

https://searchfox.org/mozilla-release/source/dom/security/ReferrerInfo.cpp#775

Are there any other messages in the console which might get us closer to understanding the source of the problem?

If you switch to the Network panel (Command+Alt+E) and then try the request again, do you get any unexpected status codes on the responses?

Does it make any difference if you disable Tracking Protection on the site? Click the shield icon at the left end of the address bar (next to the lock icon) and then click the slider switch at the top of the drop-down panel.

Helpful?

একটি প্রশ্ন জিজ্ঞাসা করুন

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.