I'm having an implementation of an iframe which is used on many third-party websites. Within the iframe there is a login that redirects to my main page for login and should redirect back to the third party site then.
The iframe is having referrerpolicy="unsafe-url" so the iframe gets the full-url to redirect back to:
<iframe referrerpolicy="unsafe-url" ....>
This works all and good except in firefox.
In all other browsers its www.example.com/subpage/pagewithmyiframe.html
In firefox its only www.example.com Which is a problem, why does firefox completely ignore the referrerpolicy parameter?
Is this a firefox bug? Why is there no way to control if I want to trust this url or not. thats what the referrerpolicy parameter is there for. I want to control if I allow it or not.
I have just hit the same problem that you and it appears to be caused by a "Enhaned Tracking Protection" feature in firefox. Once you disable that, it starts sending full referrer again.
https://bugzilla.mozilla.org/show_bug.cgi?id=1720294 https://bugzilla.mozilla.org/show_bug.cgi?id=1727301