[patch] making referrers work under https
George Staikos
staikos at kde.org
Thu May 25 21:38:15 BST 2006
On Thursday 25 May 2006 15:59, Leo Savernik wrote:
> Hello,
>
> Usually, http sends a referrer with each request. This also holds true for
> https, and referrers are correctly sent on the http(s)-header level.
>
> However, one can also query the referrer on the client side using
> document.referrer. While this works for http, it was broken for https --
> always returning no referrer at all.
>
> This was actually caused by kio_http, which sends back the effective
> referrer it used in the request to the client by writing it into
> mOutgoingMimeData. Immediately afterwards, setSSLMetaData() is called,
> which *replaces* mOutgoingMimeData with a prepared version of its own.
> Therefore, the referrer is implicitly lost and cannot be retrieved on the
> client side.
>
> My proposed fix is to swap both invocations.
>
> Please review and apply soon! I need this fix for online-banking.
I think it's fine. We just need to be sure that metadata is not expected to
be wiped out by that call during SSL sessions. I don't think that's an issue
right now.
--
George Staikos
KDE Developer http://www.kde.org/
Staikos Computing Services Inc. http://www.staikos.net/
More information about the kfm-devel
mailing list