<!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr"> <head> <base href="https://launchpad.net/launchpad/+faq/1024/+index" /> <meta charset="UTF-8" /> <title>FAQ #1024 : Questions : Launchpad itself</title> <link rel="apple-touch-icon" sizes="180x180" href="/@@/apple-touch-icon.png?v=2022" /> <link rel="icon" type="image/png" sizes="32x32" href="/@@/favicon-32x32.png?v=2022" /> <link rel="icon" type="image/png" sizes="16x16" href="/@@/favicon-16x16.png?v=2022" /> <link rel="manifest" href="/@@/site.webmanifest?v=2022" /> <link rel="mask-icon" href="/@@/safari-pinned-tab.svg?v=2022" color="#e9531f" /> <link rel="shortcut icon" href="/@@/favicon.ico?v=2022" /> <meta name="msapplication-TileColor" content="#da532c" /> <meta name="msapplication-config" content="/@@/browserconfig.xml?v=2022" /> <meta name="theme-color" content="#ffffff" /> <link type="text/css" rel="stylesheet" media="screen, print" href="/+icing/rev22ade00ab50b929fac63b8ee7252243aceda294a/combo.css" /> <meta property="og:title" content="FAQ #1024 : Questions : Launchpad itself" /> <meta property="og:type" content="website" /> <meta property="og:image" content="/@@/launchpad-og-image.png" /> <meta property="og:url" content="https://launchpad.net/launchpad/+faq/1024/+index" /> <meta property="og:site_name" content="Launchpad" /> <script type="text/javascript"> var LP = { cache: {}, links: {} }; </script> <script type="text/javascript">var cookie_scope = '; Path=/; Secure; Domain=.launchpad.net';</script> <script type="text/javascript" src="/+combo/rev22ade00ab50b929fac63b8ee7252243aceda294a/?yui/yui/yui-min.js&amp;lp/meta.js&amp;yui/loader/loader-min.js"></script> <script type="text/javascript"> var raw = null; if (LP.devmode) { raw = 'raw'; } YUI.GlobalConfig = { combine: true, comboBase: '/+combo/rev22ade00ab50b929fac63b8ee7252243aceda294a/?', root: 'yui/', filter: raw, debug: false, fetchCSS: false, maxURLLength: 2000, groups: { lp: { combine: true, base: '/+combo/rev22ade00ab50b929fac63b8ee7252243aceda294a/?lp/', comboBase: '/+combo/rev22ade00ab50b929fac63b8ee7252243aceda294a/?', root: 'lp/', // comes from including lp/meta.js modules: LP_MODULES, fetchCSS: false } } }</script> <script type="text/javascript"> // we need this to create a single YUI instance all events and code // talks across. All instances of YUI().use should be based off of // LPJS instead. var LPJS = new YUI(); </script> <script id="base-layout-load-scripts" type="text/javascript"> //<![CDATA[ LPJS.use('base', 'node', 'console', 'event', 'oop', 'lp', 'lp.app.foldables','lp.app.sorttable', 'lp.app.inlinehelp', 'lp.app.links', 'lp.bugs.bugtask_index', 'lp.bugs.subscribers', 'lp.app.ellipsis', 'lp.code.branchmergeproposal.diff', 'lp.views.global', function(Y) { Y.on("domready", function () { var global_view = new Y.lp.views.Global(); global_view.render(); Y.lp.app.sorttable.SortTable.init(); Y.lp.app.inlinehelp.init_help(); Y.lp.activate_collapsibles(); Y.lp.app.foldables.activate(); Y.lp.app.links.check_valid_lp_links(); }); Y.on('lp:context:web_link:changed', function(e) { window.location = e.new_value; }); }); //]]> </script> <script id="base-helper-functions" type="text/javascript"> //<![CDATA[ // This code is pulled from lp.js that needs to be available on every // request. Pulling here to get it outside the scope of the YUI block. function setFocusByName(name) { // Focus the first element matching the given name which can be focused. var nodes = document.getElementsByName(name); var i, node; for (i = 0; i < nodes.length; i++) { node = nodes[i]; if (node.focus) { try { // Trying to focus a hidden element throws an error in IE8. if (node.offsetHeight !== 0) { node.focus(); } } catch (e) { LPJS.use('console', function(Y) { Y.log('In setFocusByName(<' + node.tagName + ' type=' + node.type + '>): ' + e); }); } break; } } } function selectWidget(widget_name, event) { if (event && (event.keyCode === 9 || event.keyCode === 13)) { // Avoid firing if user is tabbing through or simply pressing // enter to submit the form. return; } document.getElementById(widget_name).checked = true; } //]]> </script> </head> <body id="document" itemscope="" itemtype="http://schema.org/WebPage" class="tab-answers main_side public yui3-skin-sam"> <div class="yui-d0"> <div id="locationbar" class="login-logout"> <div id="logincontrol"><a href="https://launchpad.net/launchpad/+faq/1024/+login">Log in / Register</a></div> </div><!--id="locationbar"--> <div id="watermark" class="watermark-apps-portlet"> <div> <a href="https://launchpad.net/launchpad"><img alt="" width="64" height="64" src="https://launchpadlibrarian.net/600817174/Canonical_Launchpad_icon_64px.png" /></a> </div> <div class="wide"> <h2 id="watermark-heading"><a href="https://launchpad.net/launchpad">Launchpad itself</a></h2> </div> <!-- Application Menu --> <ul class="facetmenu"> <li class="overview"><a href="https://launchpad.net/launchpad">Overview</a></li> <li class="branches"><a href="https://code.launchpad.net/launchpad">Code</a></li> <li class="bugs"><a href="https://bugs.launchpad.net/launchpad">Bugs</a></li> <li class="specifications"><a href="https://blueprints.launchpad.net/launchpad">Blueprints</a></li> <li class="translations"><a href="https://translations.launchpad.net/launchpad">Translations</a></li> <li class="answers active"><a href="https://answers.launchpad.net/launchpad">Answers</a></li> </ul> </div> <div class="yui-t4"> <div id="maincontent" class="yui-main"> <div class="yui-b" dir="ltr"> <div class="context-publication"> <h1>Why does Launchpad require a Referer header?</h1> <div id="registration" class="registering"> Created by <a href="/~gary" class="sprite person">Gary Poster</a> <time title="2010-03-26 20:36:23 UTC" datetime="2010-03-26T20:36:23.430914+00:00">on 2010-03-26</time> </div> </div> <div id="request-notifications"> </div> <div> <div class="top-portlet"> <dl id="faq-keywords"> <dt>Keywords:</dt> <dd>Referer referrer</dd> </dl> <dl id="faq-updated" style="clear: both"> <dt>Last updated by:</dt> <dd> <a href="/~wgrant" class="sprite person">William Grant</a> <time title="2011-04-11 03:01:37 UTC" datetime="2011-04-11T03:01:37.076527+00:00">on 2011-04-11</time> </dd> </dl> </div> <div id="faq-content" class="portlet"><p>Launchpad enforces the presence of Referer headers in browser POST requests.</p> <p>The reason for this is to address an important web-site attack vector, cross-site request forgery.</p> <p><a rel="nofollow" href="http://en.wikipedia.org/wiki/Cross-site_request_forgery">http://<wbr />en.wikipedia.<wbr />org/wiki/<wbr />Cross-site_<wbr />request_<wbr />forgery</a></p> <p>Therefore, to work with Launchpad, you will need to let your browser send Launchpad your Referer headers.</p> <p>If you are using Firefox and wish to send your Referer header only to certain sites, there appears to be at least one Firefox add-on that does what you want. People have reported success with it. That said, we do not know anything about it except for its description and reviews. <a rel="nofollow" href="https://addons.mozilla.org/en-US/firefox/addon/953">https:/<wbr />/addons.<wbr />mozilla.<wbr />org/en-<wbr />US/firefox/<wbr />addon/953</a></p></div> </div> </div><!-- yui-b --> </div><!-- yui-main --> <div id="side-portlets" class="yui-b side"> <div id="global-actions" class="portlet vertical"> <ul> <li> <a class="menu-link-list_all sprite info" href="https://answers.launchpad.net/launchpad/+faqs">List all FAQs</a> </li> </ul> </div> <div class="portlet" id="portlet-related-questions"> <h2>Related questions</h2> <ul> <li class="question-row"> <a class="sprite question" href="https://answers.launchpad.net/ubuntu/+source/xorg/+question/152211" title="Surely, the referer might help to hamper &quot;Cross-site request forgery&quot;. But aren't there other str...">#152211 Please drop the necessity of HTTP referer</a> </li> </ul> </div> </div><!-- yui-b side --> </div><!-- yui-t4 --> <div id="footer" class="footer"> <div class="lp-arcana"> <div class="lp-branding"> <a href="https://launchpad.net/"><img src="/@@/launchpad-footer-logo.svg" alt="Launchpad" width="65" height="18" /></a> &nbsp;&bull;&nbsp; <a href="https://launchpad.net/+tour">Take the tour</a> &nbsp;&bull;&nbsp; <a href="https://help.launchpad.net/">Read the guide</a> &nbsp; <form id="globalsearch" method="get" accept-charset="UTF-8" action="https://launchpad.net/+search"> <input type="search" id="search-text" name="field.text" /> <input type="image" src="/@@/search" style="vertical-align:5%" alt="Search Launchpad" /> </form> </div> </div> <div class="colophon"> &copy; 2004 <a href="http://canonical.com/">Canonical&nbsp;Ltd.</a> &nbsp;&bull;&nbsp; <a href="https://launchpad.net/legal">Terms of use</a> &nbsp;&bull;&nbsp; <a href="https://www.ubuntu.com/legal/dataprivacy">Data privacy</a> &nbsp;&bull;&nbsp; <a href="/feedback">Contact Launchpad Support</a> &nbsp;&bull;&nbsp; <a href="http://blog.launchpad.net/">Blog</a> &nbsp;&bull;&nbsp; <a href="https://canonical.com/careers">Careers</a> &nbsp;&bull;&nbsp; <a href="https://ubuntu.social/@launchpadstatus">System status</a> <span id="lp-version"> &nbsp;&bull;&nbsp; 22ade00 (<a href="https://dev.launchpad.net/">Get the code!</a>) </span> </div> </div> </div><!-- yui-d0--> <script id="json-cache-script">LP.cache = {"related_features": {}, "context": {"self_link": "https://launchpad.net/api/devel/launchpad/+faq/1024", "web_link": "https://answers.launchpad.net/launchpad/+faq/1024", "resource_type_link": "https://launchpad.net/api/devel/#faq", "id": 1024, "title": "Why does Launchpad require a Referer header?", "keywords": "Referer referrer", "content": "Launchpad enforces the presence of Referer headers in browser POST requests.\n\nThe reason for this is to address an important web-site attack vector, cross-site request forgery.\n\nhttp://en.wikipedia.org/wiki/Cross-site_request_forgery\n\nTherefore, to work with Launchpad, you will need to let your browser send Launchpad your Referer headers.\n\nIf you are using Firefox and wish to send your Referer header only to certain sites, there appears to be at least one Firefox add-on that does what you want. People have reported success with it. That said, we do not know anything about it except for its description and reviews. https://addons.mozilla.org/en-US/firefox/addon/953", "date_created": "2010-03-26T20:36:23.430914+00:00", "last_updated_by_link": "https://launchpad.net/api/devel/~wgrant", "date_last_updated": "2011-04-11T03:01:37.076527+00:00", "target_link": "https://launchpad.net/api/devel/launchpad", "http_etag": "\"741428b80cadd107d5784978c6fcdb5094148569-3409f413cedea73828f0db02d2e142b930b3c4a2\""}};</script> </body> <!-- Facet name: answers Page type: main_side Has global search: True Has application tabs: True Has side portlets: True At least 15 queries/external actions issued in 0.14 seconds Features: {'profiling.enabled': None, 'hard_timeout': '5000', 'js.yui_version': None, 'app.mainsite_only.canonical_url': None, 'app.maintenance_message': None, 'baselayout.careers_link.disabled': None, 'visible_render_time': None} r22ade00 --> </html>