Fredrik,

This is intentional -- in 1.2 we added some measures to counteract cross-site scripting and request-forgery attacks. For your application, it would be best to have a reverse-proxy remove the Referer header (as long as the request is a GET to allowed resources, like your images).

On Wed, Aug 15, 2012 at 8:24 AM, Fredrik Lindström <fredrik.lindst...@qbranch.se> wrote:

> Hi everyone,
> One of the things we use Riak for is to serve images straight to the
> browser (obviously via a firewall etc etc). These images are displayed on
> our webpages so when the browser loads the page it will fire off GET
> requests for the image URLs and for good measure it will include a referer
> header when doing this. This works fine in production since we're still on
> Riak 1.0.2 but our dev and stage clusters have been upgraded to 1.2.0 and
> the story is a bit different there.
> Riak will respond with 403 Forbidden if the referer header is set, the
> same is also logged in the access.log files.
>
> I found this while digging around:
>
> https://github.com/basho/riak_kv/commit/3cd75e76c20b77dec2be0cb36892f5cc79dbec0b
> "Validate that the Referer matches up with scheme, host and port of the
> machine that received the request"
>
> Since the referer (http://mysupderduperwebapp.xyz/snazzypage.html) will
> not match the scheme, host and port of the riak node that received the
> request no image will be served.
> Is there any way to configure riak 1.2.0 to allow any referer header value?
>
> /F
>
> _______________________________________________
> riak-users mailing list
> riak-users@lists.basho.com
> http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com

--
Sean Cribbs <s...@basho.com>
Software Engineer
Basho Technologies, Inc.
http://basho.com/
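
An added example, not part of the thread and not Riak's code: a Python model of the Referer check quoted from the commit message, together with the reverse-proxy rule suggested in the reply. The node URL, bucket path and function names are constructed for illustration, and treating a request with no Referer as allowed is an assumption inferred from the advice to strip the header.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return (scheme, host, port) of a URL, filling in the default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return scheme, (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(scheme)

def referer_allowed(headers, node_url):
    """Model of the quoted check: a Referer, if present, must match the
    scheme, host and port of the node that received the request.
    Assumption: a request without a Referer passes."""
    referer = next((v for k, v in headers.items() if k.lower() == "referer"), None)
    if referer is None:
        return True
    return origin(referer) == origin(node_url)

def proxy_filter(method, path, headers, allowed_prefixes):
    """Reverse-proxy side: drop Referer only for GETs to allowed resources;
    every other request is forwarded with its headers unchanged."""
    if method == "GET" and any(path.startswith(p) for p in allowed_prefixes):
        return {k: v for k, v in headers.items() if k.lower() != "referer"}
    return dict(headers)

# Constructed sample values; only the Referer URL comes from the thread.
NODE = "http://riak.example.internal:8098"
IMAGES = ["/buckets/images/keys/"]
PAGE = {"Referer": "http://mysupderduperwebapp.xyz/snazzypage.html"}

def status(method, path, headers, via_proxy):
    """Status the model node returns, with or without the proxy in front."""
    if via_proxy:
        headers = proxy_filter(method, path, headers, IMAGES)
    return 200 if referer_allowed(headers, NODE) else 403

if __name__ == "__main__":
    for method, path in [("GET", "/buckets/images/keys/logo.png"),
                         ("PUT", "/buckets/images/keys/logo.png"),
                         ("GET", "/buckets/users/keys/42")]:
        direct = status(method, path, PAGE, via_proxy=False)
        proxied = status(method, path, PAGE, via_proxy=True)
        print(f"{method} {path}: direct={direct} via proxy={proxied}")
```

Only the image GET changes from 403 to 200 behind the proxy; writes and requests to other buckets keep their Referer, so the node's check still applies to them.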