I have a site that uses formspree.io to receive a form post and send as email. But it doesn’t work on Brave because it depends on HTTP Referer.
It seems like there would be a number of cases like this where HTTP Referer is used as a simplistic security mechanism rather than a tracking mechanism.
Is there a feature planned to enable passing the Referer header for these cases? I recognize that it’s complicated, I’m just wondering if you’ve thought about ways to make this work. It seems like hard-coded whitelists as in https://github.com/brave/brave-core/pull/701 are a stopgap that won’t scale.
3 Likes
Ran into the same problem and noticed it was isolated to Brave. Did you ever find a workaround, @agriffis?
I noticed the same issue today. Do we have a resolution coming any time soon?
Ran into this too. Was able to submit a form on other browsers except Brave. Disabling the shields did not help
I have ran into the same problem while trying to login through mojeID, which is a project by CZ.NIC, the association which main activity is the administration of domain names .cz. Because of that, I am unable to log into some services that depend on mojeID login gateway. Expanding the whitelist (https://github.com/brave/referrer-whitelist/pull/40) does not seem to solve it.