Description of the issue:
Brave is sending an incorrect Referer header on a fetch request. Our site is using a geolocation service from smartystreets.org, by way of their Javascript SDK. It issues fetch requests to their site, which authorize the request based on the Referer header. However, the Referer header that Brave is sending contains the URL of their API rather than the URL of our site. Needless to say, their service does not recognize this as being our site, and refuses to authorize the request. This happens only when shields are up; with shields down, the Referer header is correct.
Exact URL of the website in question:
https://sunnyvaleserv.org. Regrettably this is not publicly accessible.
Did the issue present with default Shields settings? (yes/no)
Yes
Does the site function as expected when Shields are turned off?
Yes
Is there a specific Shields configuration that causes the site to break? If so, tell us that configuration. (yes/no):
No
Does the site work as expected when using Chrome?
Yes
Brave version (check About Brave):
Version 1.8.96 Chromium: 81.0.4044.138 (Official Build) (64-bit)