Important Notice: We're experiencing email notification issues. If you've posted a question in the community forums recently, please check your profile manually for responses while we're working to fix this.

On Monday the 3rd of March, around 5pm UTC (9am PT) users may experience a brief period of downtime while one of our underlying services is under maintenance.

Avatar for Username

Sykje yn Support

Mij stipescams. Wy sille jo nea freegje in telefoannûmer te beljen, der in sms nei ta te stjoeren of persoanlike gegevens te dielen. Meld fertochte aktiviteit mei de opsje ‘Misbrûk melde’.

Mear ynfo

network.http.referer.disallowCrossSiteRelaxingDefault not working

reliancesaransh
reliancesaransh
more options

a website im using is trin to call an api with referer header and policy of "origin-when-cross-origin", but firefox overides it to "Same Origin Policy" with console msg: Referrer Policy: Less restricted policies, including ‘no-referrer-when-downgrade’, ‘origin-when-cross-origin’ and ‘unsafe-url’, will be ignored soon for the cross-site request

After a lot of search, i found that network.http.referer.disallowCrossSiteRelaxingDefault config setting should be set to false to allow any policy, but toggling between false or true has no affect. The request still fails with a cors error "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at..."

Is there a way to make this work? Or a way to allow the request to have this referer policy.

a website im using is trin to call an api with referer header and policy of "origin-when-cross-origin", but firefox overides it to "Same Origin Policy" with console msg: Referrer Policy: Less restricted policies, including ‘no-referrer-when-downgrade’, ‘origin-when-cross-origin’ and ‘unsafe-url’, will be ignored soon for the cross-site request After a lot of search, i found that network.http.referer.disallowCrossSiteRelaxingDefault config setting should be set to false to allow any policy, but toggling between false or true has no affect. The request still fails with a cors error "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at..." Is there a way to make this work? Or a way to allow the request to have this referer policy.

Alle antwurden (1)

jscher2000 - Support Volunteer
jscher2000 - Support Volunteer
  • Top 10 Contributor
more options

Hmm, the way I read this --

reliancesaransh said
console msg: Referrer Policy: Less restricted policies, including ‘no-referrer-when-downgrade’, ‘origin-when-cross-origin’ and ‘unsafe-url’, will be ignored soon for the cross-site request

-- it is a warning about a change coming in the future, and not what just happened in real time.

When I briefly consult the source code, you should only see the warning when the preference relevant for the context (regular window or private window) is set to false:

  • network.http.referer.disallowCrossSiteRelaxingDefault
  • network.http.referer.disallowCrossSiteRelaxingDefault.pbmode

https://searchfox.org/mozilla-release/source/dom/security/ReferrerInfo.cpp#775

Are there any other messages in the console which might get us closer to understanding the source of the problem?

If you switch to the Network panel (Command+Alt+E) and then try the request again, do you get any unexpected status codes on the responses?

Does it make any difference if you disable Tracking Protection on the site? Click the shield icon at the left end of the address bar (next to the lock icon) and then click the slider switch at the top of the drop-down panel.

Behelpsum?

In fraach stelle

Jo moatte jo oanmelde by jo account om op berjochten te antwurdzjen. Stel in nije fraach as jo noch gjin account hawwe.