Can't post or change settings, no valid HTTP-Referrer

Having trouble installing serendipity?
Post Reply
Karbargenbok
Regular
Posts: 7
Joined: Thu Apr 13, 2017 9:28 pm

Can't post or change settings, no valid HTTP-Referrer

Post by Karbargenbok »

Hello,

After a long time, I have finally gotten around to fixing the old Serendipity installation at http://wumswebsite.nl/wumlog/. I posted about this earlier in this thread:

viewtopic.php?f=3&t=20998&p=10447138

Both the database and the installation itself are now updated to the latest version. I can also log in again, after using fixauthor.php, and everything seems to be working fine, until I try to edit anything (make a new post, change settings, etc.). I get the following error (in Dutch, sorry can't change the language settings):
Uw browser heeft geen geldig HTTP-Referrer-adres verstuurd. Dit kan veroorzaakt worden door een verkeerd geconfigureerde browser/proxy of door een aanval die tegen u is gericht. Uw actie werd geannuleerd.
Any help would be greatly appreciated.
erAck
Regular
Posts: 235
Joined: Mon Feb 16, 2015 1:20 am

Re: Can't post or change settings, no valid HTTP-Referrer

Post by erAck »

Check that your browser actually sends a Referer header. In Firefox that would be under about:config the value of network.http.sendRefererHeader must not be 0 but 1 or 2 instead, see http://kb.mozillazine.org/Network.http. ... ererHeader

Also Add-ons may disable sending a Referer header with a false "privacy" assumption (in that they disable it also if the originating site is the same as the target site).

There are other Referer relevant settings you can check under about:config that start with network.http.referer. see https://wiki.mozilla.org/Security/Referrer

Edit 2018-10-23:
It might also be that the web server in its Referrer Policy instructs the browser to not send a Referer header, though it would be unusual that it would do so for the own site. Anyway, look for Referrer-Policy: no-referrer or for Apache Header set Referrer-Policy no-referrer in your httpd.conf and .htaccess files, it should likely be same-origin instead. See also https://developer.mozilla.org/en-US/doc ... rer-Policy
Post Reply