[Edbrowse-dev] missing https referer

[Edbrowse-dev] missing https referer

[Karl Dahlke]

Chuck,
This was an easy fix.
For some reason send referer was off by default.
So I just set it to on.
This is what other browsers do, on by default,
so I think we're ok here.

It can be toggled with the sr command,
and I guess other browsers also let you turn it on and off,
so I'll keep that feature around.

If you start with an empty buffer, then jump to a website,
there is no referer, which I think is corect.

If you refresh a web page, the referer is the page you are on,
which is probably not correct, (bug?),
it should probably be the page that you came from before the refresh.
Not sure about that one.

Karl Dahlke

Re: [Edbrowse-dev] missing https referer

[Charles Hallenbeck]

Many thanks. May all our problems have such a fix!


-- 

 Chuck in Ghent, northeast of Hudson on the Hudson.

[Edbrowse-dev] missing https referer

[Charles Hallenbeck]

Hi,

I'm using 3.5.1, and was given an error message when attempting to sign up at www.python.org. Is this due to an
oversight on my part, or perhaps a fixable problem in edbrowse? The message was:



Forbidden (403)

CSRF verification failed. Request aborted.

You are seeing this message because this HTTPS site requires a 'Referer header'
to be sent by your Web browser, but none was sent.
This header is required for security reasons,
to ensure that your browser is not being hijacked by third parties.

If you have configured your browser to disable 'Referer' headers,
please re-enable them, at least for this site, or for HTTPS connections,
or for 'same-origin' requests.


More information is available with DEBUG=True.



Chuck.


-- 

 Chuck in Ghent, northeast of Hudson on the Hudson.