Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disabling referrer in CP breaks images loaded from protected server in CP/Live Preview #2482

Open
ldstevens opened this issue Feb 23, 2018 · 0 comments
Open

Disabling referrer in CP breaks images loaded from protected server in CP/Live Preview #2482

ldstevens opened this issue Feb 23, 2018 · 0 comments

Comments

@ldstevens
Copy link

This is a pretty obscure one, but FWIW...

In the 2.6.3006 update, the following feature was added:

The Control Panel now prevents referrer information from being sent when following links, on supporting browsers.

I figure that was the addition of <meta name="referrer" content="no-referrer"> to _layouts/base.html.

I take it the purpose of this is to not leak the CP address if an external link is clicked, but unfortunately it also breaks image loading in the CP for images hosted on an external server with hot-linking disabled. The external server requires the referrer header to authorise the request, and otherwise returns 403. For us this is breaking external entry images in Live Preview.

I've resolved this by commenting it out for now, but that's obviously not a long term solution. I agree the new behavior is probably the appropriate default, but would it be possible to have a config flag that could be set to disable it?

Thanks! :)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ldstevens