Important Notice: We're experiencing email notification issues. If you've posted a question in the community forums recently, please check your profile manually for responses while we're working to fix this.

Avatar for Username

Pesquisar no apoio

Evite burlas no apoio. Nunca iremos solicitar que telefone ou envie uma mensagem de texto para um número de telefone ou que partilhe informações pessoais. Por favor, reporte atividades suspeitas utilizando a opção "Reportar abuso".

Saber mais

network.http.referer.disallowCrossSiteRelaxingDefault not working

reliancesaransh
reliancesaransh
more options

a website im using is trin to call an api with referer header and policy of "origin-when-cross-origin", but firefox overides it to "Same Origin Policy" with console msg: Referrer Policy: Less restricted policies, including ‘no-referrer-when-downgrade’, ‘origin-when-cross-origin’ and ‘unsafe-url’, will be ignored soon for the cross-site request

After a lot of search, i found that network.http.referer.disallowCrossSiteRelaxingDefault config setting should be set to false to allow any policy, but toggling between false or true has no affect. The request still fails with a cors error "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at..."

Is there a way to make this work? Or a way to allow the request to have this referer policy.

a website im using is trin to call an api with referer header and policy of "origin-when-cross-origin", but firefox overides it to "Same Origin Policy" with console msg: Referrer Policy: Less restricted policies, including ‘no-referrer-when-downgrade’, ‘origin-when-cross-origin’ and ‘unsafe-url’, will be ignored soon for the cross-site request After a lot of search, i found that network.http.referer.disallowCrossSiteRelaxingDefault config setting should be set to false to allow any policy, but toggling between false or true has no affect. The request still fails with a cors error "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at..." Is there a way to make this work? Or a way to allow the request to have this referer policy.

Todas as respostas (1)

jscher2000 - Support Volunteer
jscher2000 - Support Volunteer
  • Top 10 Contributor
more options

Hmm, the way I read this --

reliancesaransh said
console msg: Referrer Policy: Less restricted policies, including ‘no-referrer-when-downgrade’, ‘origin-when-cross-origin’ and ‘unsafe-url’, will be ignored soon for the cross-site request

-- it is a warning about a change coming in the future, and not what just happened in real time.

When I briefly consult the source code, you should only see the warning when the preference relevant for the context (regular window or private window) is set to false:

  • network.http.referer.disallowCrossSiteRelaxingDefault
  • network.http.referer.disallowCrossSiteRelaxingDefault.pbmode

https://searchfox.org/mozilla-release/source/dom/security/ReferrerInfo.cpp#775

Are there any other messages in the console which might get us closer to understanding the source of the problem?

If you switch to the Network panel (Command+Alt+E) and then try the request again, do you get any unexpected status codes on the responses?

Does it make any difference if you disable Tracking Protection on the site? Click the shield icon at the left end of the address bar (next to the lock icon) and then click the slider switch at the top of the drop-down panel.

Útil?

Colocar questão

Deve iniciar a sessão com a sua conta para responder às mensagens. Por favor, comece uma nova pergunta, se ainda não tiver uma conta.