Project

General

Profile

Actions

Feature #586

open

Disable the Referer header on resource requests by default

Added by Soren Stoutner about 4 years ago. Updated about 1 month ago.

Status:
New
Priority:
3.x
Start date:
06/22/2020
Due date:
% Done:

0%

Estimated time:

Description

https://redmine.stoutner.com/issues/246 removed it on the loading of all base (main frame) URLs, but not for resource requests.

Actions #1

Updated by Soren Stoutner about 4 years ago

  • Subject changed from Create controls for the Referer header to Disable the Referer header on resource requests
  • Description updated (diff)
Actions #2

Updated by Soren Stoutner over 3 years ago

  • Priority changed from 4.x to 3.x

As part of this, there needs to be a domain setting that can specify the referer heading. Otherwise, some websites will not load.

Actions #3

Updated by Soren Stoutner over 3 years ago

  • Subject changed from Disable the Referer header on resource requests to Disable the Referer header on resource requests by default
Actions #4

Updated by Soren Stoutner over 3 years ago

It looks like this can be done using `shouldInterceptRequest()`.

https://developer.android.com/reference/android/webkit/WebViewClient#shouldInterceptRequest(android.webkit.WebView,%20android.webkit.WebResourceRequest)

It might also be possible to remove other undesirable headers at the same time, but further testing will be required to be sure and to assess the impact on the loading of requests.

Actions #5

Updated by Soren Stoutner about 1 month ago

  • Description updated (diff)
Actions #6

Updated by Soren Stoutner about 1 month ago

It is unclear to me how many websites would actually have problems if the referer header were removed from resource requests. I will have to do some testing, but I might decide to remove the functionality without any ability to override it, as websites needs to get used to working without expecting a referer header.

Actions

Also available in: Atom PDF