NEW BUG - Firefox: Security Warning: A link from an external source has been detected and automatically disabled.

2 posts by 2 authors in: Forums > CMS Builder
Last Post: May 25, 2020   (RSS)

By daniel - May 25, 2020

Hi Jeff,

I've done some testing and haven't been able to find any discrepancies between how Chrome and Firefox 76.0.1 are reporting HTTP_REFERER. Note that HTTP_REFERER contains the referring page, so it shouldn't be expected to match SCRIPT_URI. Additionally, security_disableExternalReferers() only checks that HTTP_REFERER starts the reported server/hostname so it shouldn't matter if it contains the full URL or not.

I suspect that there is either something in your server config or URL scheme that isn't being properly accounted for in CMSB's referer check. One recent addition slated for the next version fixes a few cases when detecting HTTPS: https://www.interactivetools.com/forum/forum-posts.php?postNum=2244601#post2244601 - can you try out this fix? If that doesn't help, feel free to send us a 2nd level support request (https://www.interactivetools.com/support/request/) and we can take a closer look at your specific case.

Thanks!

Daniel
Technical Lead
interactivetools.com