It looks not like core function... what is the use case? For me firing thousands of requests to external sites it makes no sense as this is incorrect... there shouldn't be any referer...

'Referer' => $base_root . request_uri(),


Category:support» bug

I'm not able to unset the referer. I tried NULL, and ''. Header is still added.

Title:Why is referer with local urls added automatically?Remove invalid referrer
Status:Active» Needs review
new662 bytes

If a module needs an referrer (I do not know why), it can set it, but don't set a wrong referrer by default that cannot overridden.

Patch attached.

Having the referrer is pretty nice from my point of view. I got to run, (will be back tomorrow) but I'm thinking default is referrer is not sent (referrer == FALSE); if referrer == TRUE use current page; if referrer is string then use the string.

Status:Needs review» Needs work

But it's a server process... not an interactive user browsing a page. This is not what the referrer was made for... It will confuse other people... It may be useful for edge cases to fakes a referrer... But this are rare exceptions. Sending admin path as referrer can lead to security issues (informatin disclosure)! The same may happen if we are sending out the cron url with the authentication hashes... :-(((

Status:Needs work» Needs review
new1.37 KB

Something like this is what I was thinking.

Status:Needs review» Fixed

Committed to 6.x & 7.x

Status:Fixed» Needs work

Well I understood this, but it is very limiting. I'm now not able to set a custom referrer... Maybe i need to fake a specific referrer.

There is a typo "Referer", isn't it?

Status:Needs work» Fixed

Referer is "correct"
If you set the Referer in the header it will use that value.

Should we make it consistend - wrong? :-)

in JS it is referrer There is no consistent way, so I'll go with the correct spelling in my API and use "Referer" in the header.

Status:Fixed» Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.