MAIN_SECURITY_FORCERP - HTTP_REFERER #29780
Labels
Bug
This is a bug (something does not work as expected)
Discussion
Some questions or discussions are opened and wait answers of author or other people to be processed
Comments
ksar-ksar
added
the
Discussion
eldy
added a commit
that referenced
this issue
Jun 3, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Bug
Because of the MAIN_SECURITY_FORCERP set by default on strict-origin, in v19, it's impossible to keep the list filter in the URL when you clic on "return list" from an object.
Because of this, HTTP_REFERER is equal to the domain name only and not the page you was from.
In v18, MAIN_SECURITY_FORCERP is set on same-origin and the filters are kept when you clic on "Return list" from an object.
HTTP_REFERER works fine.
I would like to know the reasons of this modification.
Normally, it should be the same problem for all users v19.
Will this have any impact on safety ?
Dolibarr Version
19.0
Environment PHP
No response
Environment Database
No response
Steps to reproduce the behavior and expected behavior
No response
Attached files
No response
The text was updated successfully, but these errors were encountered: