http_referer is not accurate

Danny CrastoDanny Crasto
1 min read

The Referer http header (actually a misspelling of referrer) identifies the address of the webpage from which the resources has been requested. I wanted to add this context to an API request fired from that page.

When making the request, the value only included the host and not path of the page, which was pretty much useless for my use case.

This behavior was actually intentional and governed by our nginx server’s policy

referrer-policy: origin-when-cross-origin

which would only use the host since the request was to a different origin server.

This was done as a security measure. The more your know.

Reference:

0
Subscribe to my newsletter

Read articles from Danny Crasto directly inside your inbox. Subscribe to the newsletter, and don't miss out.

refererhttphttp-headersnginxreferrer policyreferrer

Written by

Danny Crasto
Danny Crasto

I am developer/code-reviewer/debugger/bug-fixer/architect/teacher/builder from dubai, uae