Skip to content
This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

Http referrer not blocked #10721

Closed
srirambv opened this issue Aug 30, 2017 · 1 comment
Closed

Http referrer not blocked #10721

srirambv opened this issue Aug 30, 2017 · 1 comment
Assignees
@diracdeltas
Labels
privacy QA/checked-Linux QA/checked-macOS QA/checked-Win32 QA/checked-Win64 QA/test-plan-specified regression release-notes/include
Milestone
0.18.x Hotfix 1 (...

Comments

@srirambv
Copy link
Collaborator

srirambv commented Aug 30, 2017
edited by luixxiul
Loading

Test plan

#10726 (comment)

  • Did you search for similar issues before submitting this one?
    yes

  • Describe the issue you encountered:
    From community

why does Brave not hide my referer by default? How do I hide my referer? I thought this browser is about protecting me from ads and beeing tracked?
Tested with DuckDuckGo, Bing and Google:
https://www.whatismyreferer.com/2
https://referer.rustybrick.com/1

  • Platform (Win7, 8, 10? macOS? Linux distro?):
    All

  • Brave Version (revision SHA):

Brave 0.18.23
rev 36ae2ec
Muon 4.3.10
@diracdeltas
Copy link
Member

Appears to be a regression. Marking for hotfix

@diracdeltas diracdeltas self-assigned this Aug 30, 2017
diracdeltas added a commit that referenced this issue Aug 30, 2017
@diracdeltas
Spoof referer header on cross-origin navigations
4b10b32 
Previously we were only spoofing it on cross-origin subresource requests, not
navigations. Fix #10721

Test Plan:
1. go to https://community.brave.com/t/tracking-not-blocked/6787 and click on the two links in the post
2. the sites should report the referer as the origin of the site itself, not community.brave.com
3. now turn off shields on one of the sites
4. repeat steps 1 and 2. the site should now report the referer as community.brave.com
diracdeltas added a commit that referenced this issue Aug 30, 2017
@diracdeltas
Spoof referer header on cross-origin navigations
596af93 
Previously we were only spoofing it on cross-origin subresource requests, not
navigations. Fix #10721

Test Plan:
1. go to https://community.brave.com/t/tracking-not-blocked/6787 and click on the two links in the post
2. the sites should report the referer as the origin of the site itself, not community.brave.com
3. now turn off shields on one of the sites
4. repeat steps 1 and 2. the site should now report the referer as community.brave.com
@diracdeltas diracdeltas mentioned this issue Aug 30, 2017
Merged
8 tasks
diracdeltas added a commit that referenced this issue Aug 31, 2017
@diracdeltas
Spoof referer header on cross-origin navigations
076cd89 
Previously we were only spoofing it on cross-origin subresource requests, not
navigations. Fix #10721

Test Plan:
go to https://community.brave.com/t/tracking-not-blocked/6787 and click on the two links in the post
the sites should report the referer as the origin of the site itself, not community.brave.com
now turn off shields on one of the sites
repeat steps 1 and 2. the site should now report the referer as community.brave.com

Auditors: @bbondy
@kjozwiak kjozwiak mentioned this issue Sep 7, 2017
Closed
@brokoler brokoler mentioned this issue Feb 16, 2024
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@diracdeltas diracdeltas

Labels
privacy QA/checked-Linux QA/checked-macOS QA/checked-Win32 QA/checked-Win64 QA/test-plan-specified regression release-notes/include
Projects
None yet
Milestone
0.18.x Hotfix 1 (Release Channel)
Development

No branches or pull requests
6 participants
@diracdeltas @bbondy @kjozwiak @luixxiul @srirambv @LaurenWags