Stack Overflow
Stack Overflow

Questions tagged [referrer-policy]

Use this for questions related to the Referrer-Policy HTTP header and the meta name="referrer" element, for strict-origin-when-cross-origin errors, and for cases where the Referer HTTP header is missing from a request. The Referrer-Policy header and name="referrer" HTML meta element control whether the Referer request header is sent in a request at all — and if it is sent, what the Referer value will be set to.

71 questions
0
votes
0 answers

chrome strict-origin-when-cross-origin cross domain query

description of the problem: I have a site which distribute the configurations https://cliconf.aa.bb.cc/cgi-bin/get-config.cgi it returns config json and some HTTP headers for cors: vary: Origin vary: Access-Control-Request-Method vary:…
n0whereman
  • 21
  • 3
0
votes
1 answer

Hide referrer on iframe Firefox

I have a iframe where videos played when the user choose. Everything is on my website, but I want to hide the referrer to the user, so they don't know in what page the videos are. I'm trying with referrerpolicy="no-referrer", but in firefox doesn't…
miel
  • 1
0
votes
0 answers

How can I add referrer tag to my React JS website?

please guide me how to add referrer tags to my website. I've looking for few hours with no sucess. I also know that there is a thing named referr policy but no clue what it is.
Anizzama Sub
  • 1
  • 1
0
votes
1 answer

How to get parent URL in JS without using document.referrer

I need to get the parent url which redirect to current page using JS, I find document.referrer can achieve, but our company has some security rules said can't trust that the referrer header is safe - it can be spoofed, omitted, or have an unexpected…
newszer
  • 440
  • 1
  • 4
  • 23
0
votes
1 answer

Asp.Net Core API CORS policy error (+308 status code)

I am building a server/client app with C# and React.js Unfortunately I am facing CORS policy problem: Regarding the server side, I have this code : var MyAllowSpecificOrigins = "_myAllowSpecificOrigins"; var builder =…
Alexia
  • 71
  • 1
  • 1
  • 6
0
votes
1 answer

Angular interceptor request failed because of strict-origin-when-cross-origin

I'm trying to implement access token handling in my Angular application, using an interceptor. In the Spring backend I set some routes to be public (eg. localhost:8080/api/public/hello) and some to be able to be accessed only with an access token…
nnntm
  • 27
  • 5
0
votes
0 answers

Understanding different Referrer-policy and what is sent when

I am creating a class (es) in php to validate if referrers received in the headers adhere to the Referrer-policy set for the document. I have tried to create a table which will tell me when a referer is sent and what to expect in them. However I…
endeavour
  • 576
  • 4
  • 15
0
votes
1 answer

Laravel Cors Referrer Policy

I run into the error below in Laravel 8 with ChatBro service when a user try to send a new message; Seems like the 'Referrer-Policy' of your site is 'no-referral'. For correct chat's work it must be equal 'no-referrer-when-downgrade' or any other…
Ahmed Yehia
  • 60
  • 7
0
votes
2 answers

Flask - Change Referrer Policy to 'no-referrer'?

I'd like to embed an iframe on my site that is hosted locally but I can't because the referrer policy is set to 'strict-origin-when-cross-origin'. The src for the iframe is from a website that is made for the purpose of embedding into an iframe so…
Nick
  • 25
  • 10
0
votes
0 answers

"strict-origin-when-cross-origin" - debugging tornado nginx using vscode

My app (built as a collection of services) is using tornado with nginx. I'm trying to debug it using vscode (remote debugging). I stopped the original api service and ran the one in vscode instead. When trying to send a request using chrome (macOS),…
Gil
  • 21
  • 2
0
votes
1 answer

Google Update Created Bug - This file should be served over HTTPS. This download has been blocked

Google Chrome started blocking downloads served via HTTP. This update broke my download links and shows the console error below. Mixed Content: The site at 'https://www.sellmyiphonemiami.com/' was loaded over a secure connection, but the file…
Andre Van Veen
  • 33
  • 1
  • 8
0
votes
2 answers

Can't solve strict-origin-when-cross-origin. React + AdonisJS

I have a server, in which I'm running two different applications. The frontend (express + React) is running on 443 port, and the AdonisJS api is running on 3333 port. They share the same domain (something.com, for example), but I need to add the…
Lucas Kuratani
  • 21
  • 1
  • 4
0
votes
2 answers

Silent Refresh not working after Google Chrome updated to Version 85

I am using angular-oidc-auth2 v9.0.3 to request token renewal by silent refresh. I am using implicit flow. it was working good until google chrome updated version to 85. I have observed the request and found that Google chrome used to have Referrer…
user1898171
  • 1
  • 1
0
votes
0 answers

Best way to use the current URL as a parameter to external API in javascript

I would like to know what is the best way fetch a resource from our client's site to our servers with the Fetch API (GET). In order to do so we need to send the current URL since the resource depends on that. We've come up with two choices so…
DraQ
  • 340
  • 2
  • 13
0
votes
0 answers

Referrer Policy: no-referrer-when-downgrade fetch api - AWS API

I have created API using AWS API gateway and while creating individual GET call selected "Use Lambda Proxy integration", and allow cors on that resource. But after publishing API its works fine I am able to get a response in postman/firefox. But…
user3215858
  • 29
  • 1
  • 8
1 2 3
4
5