Fwd: [Bug 22558] referrer leaks through to non-referring site

[George Staikos]

On Monday 07 July 2003 09:52, Waldo Bastian wrote:

  With IE5 on Mac:

> (1) Browse from referrer.php to referrer2.php to referrer3.php via the
> links on the pages.
> - The referrer should point to the previous page in each instance.

   Works

> (2) Use the back button to go back.
> - The referrers should not have changed, both referrers on referrer2.php
> should still point to referrer.php.

   Works

> (3) Reload the page.
> - The referrers should not change, both referrers on referrer2.php should
> still point to referrer.php.

   Works

> (4) Browse to referrer3.php via the link on the referrer2.php page. Then
> visit 15 other pages (To flush the page-cache for referrer2.php) and clear
> the cache. Now go back to referrer2.php using the history.
> - The referrers should not change, both referrers on referrer2.php should
> still point to referrer.php.

   Untested.  I don't know this browser well enough to reliably do this 
properly.

> (5) Go to referrer3.php and then enter referrer2.php in the location bar.
> - Both referrers should be empty.

   Works

> (6) Go to referrer.php and browse to referrer2.php. Now enter referrer2.php
> in the location bar.
> - Both referrers should be empty.

   Works

> (7) Go to referrer.php and browse to referrer2.php. Now enter
> referrer2.php#bla in the location bar.
> - Both referrers should not change, both referrers on referrer2.php should
> still point to referrer.php.

   Fails.  The referrers clear.

> (8) Go to referrer.php and browse to referrer2.php. Now click on
> "Javascript reload".
> - Both referrers should not change, both referrers on referrer2.php should
> still point to referrer.php.

   Works

> (9) Go to referrer.php and browse to referrer2.php and bookmark it. Go to
> referrer3.php and then go to referrer2.php using the bookmark.
> - Both referrers should be empty.

   Works

> (10) While still on referrer2.php select the referrer2.php bookmark again.
> - Both referrers should be empty.

   Works

> (11) Go to referrer2.php and select "Redirection to referrer3.php". You
> should end up on referrer3.php.
> - Both referrers should point to referrer2.php

   Fails - HTTP.Referer points to redir.php

> (12) Go to http://foo:bar@<host>/<path>/referrer.php (Fill in <host> and
> <path> accordingly) and browse to referrer2.php
> - Neither referrer should contain either foo or bar.

   Fails - Javascript.referrer contains the username and password.

-- 
George Staikos
KDE Developer				http://www.kde.org/
Staikos Computing Services Inc.		http://www.staikos.net/