
LibWeb: Incorrect `referrer` header

Open fdellwing opened this issue 1 year ago • 1 comments

This is a copy of https://github.com/SerenityOS/serenity/issues/23255; the issue is still relevant. We still get a 403 in LB, but shouldn't.


Given this URL: https://fonts.wod-game.de/java_font_renderer/render?skin=skin-8&profil=font_menu-1-hovered&text=Ladybird%201

Opening this in a browser should show you an image with the text "Ladybird 1".

In Ladybird, though, we only get the "image did not load" box (because the remote has a referrer filter).

I debugged this on the server side and we can see a clear problem here:

Firefox:

95.90.204.x - - [19/Feb/2024:09:30:04 +0100] "GET /java_font_renderer/render?skin=skin-8&profil=font_menu-1-hovered&text=Ladybird%201 HTTP/1.1" 200 8741 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0"

Ladybird:

95.90.204.x - - [19/Feb/2024:09:31:22 +0100] "GET /java_font_renderer/render?skin=skin-8&profil=font_menu-1-hovered&text=Ladybird%201 HTTP/1.1" 200 8741 "-" "Mozilla/5.0 (Linux; x86_64) Ladybird/1.0"
95.90.204.x - - [19/Feb/2024:09:31:22 +0100] "GET /java_font_renderer/render?skin=skin-8&profil=font_menu-1-hovered&text=Ladybird%201 HTTP/1.1" 403 746 "https://fonts.wod-game.de/java_font_renderer/render?skin=skin-8&profil=font_menu-1-hovered&text=Ladybird%201" "Mozilla/5.0 (Linux; x86_64) Ladybird/1.0"
95.90.204.x - - [19/Feb/2024:09:31:22 +0100] "GET /favicon.ico HTTP/1.1" 404 547 "https://fonts.wod-game.de/java_font_renderer/render?skin=skin-8&profil=font_menu-1-hovered&text=Ladybird%201" "Mozilla/5.0 (Linux; x86_64) Ladybird/1.0"

These logs are produced when opening the site in a new tab. We should only see one request, or, if we need two for whatever reason, we should not add that referer there.

More context might be found in this and following messages: https://discord.com/channels/830522505605283862/830525031720943627/1209048373655773205

fdellwing avatar Jul 02 '24 07:07 fdellwing

#360 (dupe) provides another way to replicate.

Dan-Q avatar Jul 02 '24 13:07 Dan-Q

~~OP's link has rotted, and~~ trying e.g. ladybird requestheaders.dev now, it seems the header isn't sent. Is this fixed?

YoshiRulz avatar Oct 27 '24 14:10 YoshiRulz

That link should absolutely work. It is used many many times each day. Will check how LB behaves nowadays tomorrow.

fdellwing avatar Oct 27 '24 17:10 fdellwing

Still very much broken in the exact same way:

95.90.204.x - - [29/Oct/2024:13:10:27 +0100] "GET /java_font_renderer/render?skin=skin-8&profil=font_menu-1-hovered&text=Ladybird%201 HTTP/1.1" 200 7093 "-" "Mozilla/5.0 (Linux; x86_64) Ladybird/1.0"
95.90.204.x - - [29/Oct/2024:13:10:27 +0100] "GET /java_font_renderer/render?skin=skin-8&profil=font_menu-1-hovered&text=Ladybird%201 HTTP/1.1" 403 690 "https://fonts.wod-game.de/java_font_renderer/render?skin=skin-8&profil=font_menu-1-hovered&text=Ladybird%201" "Mozilla/5.0 (Linux; x86_64) Ladybird/1.0"
95.90.204.x - - [29/Oct/2024:13:10:27 +0100] "GET /favicon.ico HTTP/1.1" 404 491 "https://fonts.wod-game.de/java_font_renderer/render?skin=skin-8&profil=font_menu-1-hovered&text=Ladybird%201" "Mozilla/5.0 (Linux; x86_64) Ladybird/1.0"

@YoshiRulz The reason you got a 403 instantly was because GitHub will send a referer, and the referer has to be empty!

fdellwing avatar Oct 29 '24 12:10 fdellwing
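As an added example, not code from this issue or from Ladybird, here is a small Python checker that parses combined-format access log lines like the ones quoted above and flags a target that was fetched more than once in the same second where one of the fetches carries a Referer equal to its own URL, which is the symptom the reporter describes. The sample log lines are the Firefox and Ladybird lines from the original report; the server host name is taken from them.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Apache/nginx "combined" format: host ident user [time] "request" status size "referer" "agent"
COMBINED_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

TARGET = "/java_font_renderer/render?skin=skin-8&profil=font_menu-1-hovered&text=Ladybird%201"
SELF_URL = "https://fonts.wod-game.de" + TARGET
UA_LB = "Mozilla/5.0 (Linux; x86_64) Ladybird/1.0"

# Sample lines copied from the report above (Firefox: one fetch, no referer; Ladybird: two fetches).
FIREFOX_LINES = [
    f'95.90.204.x - - [19/Feb/2024:09:30:04 +0100] "GET {TARGET} HTTP/1.1" 200 8741 "-" '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0"',
]
LADYBIRD_LINES = [
    f'95.90.204.x - - [19/Feb/2024:09:31:22 +0100] "GET {TARGET} HTTP/1.1" 200 8741 "-" "{UA_LB}"',
    f'95.90.204.x - - [19/Feb/2024:09:31:22 +0100] "GET {TARGET} HTTP/1.1" 403 746 "{SELF_URL}" "{UA_LB}"',
    f'95.90.204.x - - [19/Feb/2024:09:31:22 +0100] "GET /favicon.ico HTTP/1.1" 404 547 "{SELF_URL}" "{UA_LB}"',
]

def parse_line(line):
    """Parse one combined-format line into a dict; return None if it does not match."""
    m = COMBINED_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["referer"] = "" if rec["referer"] == "-" else rec["referer"]  # "-" means no header
    return rec

def find_self_referred_duplicates(lines, server_host):
    """Return (time, target, status) for targets fetched more than once in the same second
    where at least one fetch sent a Referer pointing at that same target on server_host."""
    by_key = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_key[(rec["time"], rec["target"])].append(rec)
    hits = []
    for (time, target), recs in by_key.items():
        if len(recs) < 2:
            continue
        for rec in recs:
            ref = urlsplit(rec["referer"])
            ref_target = ref.path + ("?" + ref.query if ref.query else "")
            if ref.netloc == server_host and ref_target == target:
                hits.append((time, target, rec["status"]))
                break
    return hits
```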

You can also see the three requests with a python3 -m http.server (no logged referer though):

127.0.0.1 - - [29/Oct/2024 13:28:48] "GET /classes.png HTTP/1.1" 200 -
127.0.0.1 - - [29/Oct/2024 13:28:48] "GET /classes.png HTTP/1.1" 200 -
127.0.0.1 - - [29/Oct/2024 13:28:48] code 404, message File not found
127.0.0.1 - - [29/Oct/2024 13:28:48] "GET /favicon.ico HTTP/1.1" 404 -

Very importantly, this behaviour does not happen with text (or HTML) files. It only happens with images!

127.0.0.1 - - [29/Oct/2024 13:33:02] "GET /CMakeLists.txt HTTP/1.1" 200 -
127.0.0.1 - - [29/Oct/2024 13:33:02] code 404, message File not found
127.0.0.1 - - [29/Oct/2024 13:33:02] "GET /favicon.ico HTTP/1.1" 404 -

fdellwing avatar Oct 29 '24 12:10 fdellwing

The original issue seems to be fixed? Tested on a76f420207202b08b91c1c9913d28bd129e28c94, I get:

Image

lpas avatar Oct 11 '25 22:10 lpas

Closing, as this is no longer reproducible.

tcl3 avatar Oct 27 '25 17:10 tcl3