2

Am trying to pass Ref(f)erer via 301 redirect from HTTPS domainA to HTTPS domainB using cloudflare workers.

1) User enters https://domainA.com in a browsers address field, such request headers are send to server:

Request headers, from Chrome DevTools

This request is then handled by such Cloudflare worker:

<...>
return new Response("Will Redirect", {
status: 302,
statusText: 'Found',
headers: {
  Location: "https://domainB.com",
  "Referrer-Policy": "unsafe-url"
 }
})
<...>

This code generates such HTTP response:

enter image description here

It'd seem "so far so good" - Referrer policy header is set and is appearing, but prior to Request/Reponse headers Chrome shows 'General' piece of information on the same request:

enter image description here

As I understand, ^ is a quick summary of request/response combination. Where does this Referrer Policy : no-referrer-when-downgrade line get there? Is it Chrome's default Request parameter or Chrome adds it on response by default? Or maybe these are some Cloudflare defaults? I guess that is one of the potential reasons why I am unable to pass Referrer.

Then the 302 redirect loads the domainB and this request is handled by second worker:

<...>
let refr = request.headers.get('Referer')
let resp = new Response(`Testing referer: ${refr}`)
resp.headers.set('Referrer-Policy', 'unsafe-url')
return resp
<...>

The second request/response is as follows:

enter image description here

But the response from domainB looks as follows:

enter image description here

Though i'm expecting to see Testinf referrer: domainA.com . How would I achieve this?

Thanks!

toinbis
  • 747
  • 7
  • 23

1 Answers1

1

Ok, it turns out you can not be sure that Referer will be passed as it completely depends on the visitors browser. Suggested method is to use domainB.com?domainid=xyz in a 301 redirect location and make sure the second domain knows that xyz stands for domainA.

toinbis
  • 747
  • 7
  • 23