* [Edbrowse-dev] missing https referer
@ 2014-05-01 10:21 Karl Dahlke
2014-05-01 10:50 ` Charles Hallenbeck
0 siblings, 1 reply; 3+ messages in thread
From: Karl Dahlke @ 2014-05-01 10:21 UTC (permalink / raw)
To: Edbrowse-dev
Chuck,
This was an easy fix.
For some reason send referer was off by default.
So I just set it to on.
This is what other browsers do, on by default,
so I think we're ok here.
It can be toggled with the sr command,
and I guess other browsers also let you turn it on and off,
so I'll keep that feature around.
If you start with an empty buffer, then jump to a website,
there is no referer, which I think is corect.
If you refresh a web page, the referer is the page you are on,
which is probably not correct, (bug?),
it should probably be the page that you came from before the refresh.
Not sure about that one.
Karl Dahlke
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Edbrowse-dev] missing https referer
2014-05-01 10:21 [Edbrowse-dev] missing https referer Karl Dahlke
@ 2014-05-01 10:50 ` Charles Hallenbeck
0 siblings, 0 replies; 3+ messages in thread
From: Charles Hallenbeck @ 2014-05-01 10:50 UTC (permalink / raw)
To: Karl Dahlke; +Cc: Edbrowse-dev
Many thanks. May all our problems have such a fix!
--
Chuck in Ghent, northeast of Hudson on the Hudson.
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Edbrowse-dev] missing https referer
@ 2014-05-01 9:41 Charles Hallenbeck
0 siblings, 0 replies; 3+ messages in thread
From: Charles Hallenbeck @ 2014-05-01 9:41 UTC (permalink / raw)
To: Edbrowse Development
Hi,
I'm using 3.5.1, and was given an error message when attempting to sign up at www.python.org. Is this due to an
oversight on my part, or perhaps a fixable problem in edbrowse? The message was:
Forbidden (403)
CSRF verification failed. Request aborted.
You are seeing this message because this HTTPS site requires a 'Referer header'
to be sent by your Web browser, but none was sent.
This header is required for security reasons,
to ensure that your browser is not being hijacked by third parties.
If you have configured your browser to disable 'Referer' headers,
please re-enable them, at least for this site, or for HTTPS connections,
or for 'same-origin' requests.
More information is available with DEBUG=True.
Chuck.
--
Chuck in Ghent, northeast of Hudson on the Hudson.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2014-05-01 10:51 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-05-01 10:21 [Edbrowse-dev] missing https referer Karl Dahlke
2014-05-01 10:50 ` Charles Hallenbeck
-- strict thread matches above, loose matches on Subject: below --
2014-05-01 9:41 Charles Hallenbeck
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).