Grails, AngularJS and why referer header is blank


The project is using Grails 2.3.9 and AngularJS 1.2.9. We've enabled a referer filter which ensures that the referer matches the host; if they don't match, the user is redirected to the login page. The problem is that when the user is actually logged in and they select a template from the navigation and select F5, the referer header is null! Thus the user is redirected back to the login page by the referer filter.

Can anybody shed some light on why the referer is not being set? The Referer header is not a mandatory field, but it's required for our application. I can see the referer when the user logs in and lands on their admin page, and if they select F5 then the page refreshes as the referer is present.

Any ideas?

J


Solution

  • I am not 100% sure what you mean by "select a template from the navigation [...] and select F5" - so this basically is an Ajax request? Or do you use, for example, ui-router?

    If you hit refresh, this is the "first" request; there is no referrer header at this point in time. It is like opening your browser and entering the URL for the first time.

    Anyway, you should think about better options to secure your app. The Referrer is very easily spoofable. Also, not every browser sends Referrer headers.
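
The following Grails 2.x filter is an added example, not code from the question or the answer. It takes the login decision from the session instead of the Referer header and treats a missing Referer differently from a mismatched one, so a reload with no Referer no longer sends a logged-in user to the login page. The class name `RefererFilters`, the `user` session attribute and the `login` controller are assumptions.

```groovy
// grails-app/conf/RefererFilters.groovy (added example; names are assumptions)
class RefererFilters {

    // Methods that should not change state; a missing Referer is tolerated on these.
    static final Set<String> SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS'] as Set

    // Classify a Referer value against the host the request was sent to.
    // Returns 'MISSING', 'MATCH' or 'MISMATCH'.
    static String classifyReferer(String referer, String host) {
        if (!referer) {
            return 'MISSING'               // reload, typed URL, privacy setting, proxy
        }
        try {
            // Compare the parsed host, not a substring of the raw header value.
            String refererHost = new URI(referer).host
            return host.equalsIgnoreCase(refererHost) ? 'MATCH' : 'MISMATCH'
        } catch (URISyntaxException ignored) {
            return 'MISMATCH'              // unparsable value is treated as hostile
        }
    }

    def filters = {
        // Apply to every controller except the login controller itself.
        refererCheck(controller: 'login', invert: true) {
            before = {
                // Authentication: decided by server-side session state only.
                // Assumption: the login action stores a 'user' attribute.
                if (!session.user) {
                    redirect(controller: 'login')
                    return false
                }
                // Referer is only a secondary same-site check, since the
                // client controls the header and may omit it.
                String verdict = RefererFilters.classifyReferer(
                        request.getHeader('Referer'), request.serverName)
                boolean stateChanging = !(request.method in SAFE_METHODS)
                if (verdict == 'MISMATCH' || (verdict == 'MISSING' && stateChanging)) {
                    response.sendError(403)
                    return false
                }
                return true
            }
        }
    }
}
```

With this split, an authenticated GET without a Referer passes, while a cross-host or header-less POST is rejected with 403 rather than being treated as a logged-out user.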