Referrer url is being stripped out of header because of browser policy


With the new release of the Chrome browser, version 85.0.4183.121, the referral URL is now being stripped off when our on-line shoppers are redirected to Microsoft's Azure AD B2C in order to log in. According to this article, https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy, the fix is to set the Referrer-Policy on https://missionb2c.b2clogin.com.

I don't see any way to do this within AADB2C. Please help.

Our problem occurs only with the new version of Chrome: 85.0.4183.121. It does not happen in Edge or with older versions of Chrome.

The workaround is to disable the “strict-origin-when-cross-origin” policy in Chrome: chrome://flags/#reduced-referrer-granularity

However, we cannot use this as a workaround – too many of our customers are experiencing this issue.

There is no error, so I cannot send you a screenshot. Simply put, when shoppers are redirected to Microsoft’s B2C login page, the referral URL is stripped out by the browser. This causes a ‘generic’ login page to be displayed instead of one with our customer’s logo. Additionally, there is no option to “sign-up now” because this, too, comes from the referral URL.


There are 2 answers

0
Marcelo Almeida On

Editing post:

This is a problem related to Chrome only.

https://developers.google.com/web/updates/2020/07/referrer-policy-new-chrome-default

You need to declare inside your anchor tag or inside your JavaScript doc that the referrer policy you want is the no-referrer-downgrade.

0
Arthur Herbert On

If you are using user flows to perform login, you can use a custom layout with your own HTML and CSS files, as seen here: customize user flow. With that setup, you can add a script to your custom HTML that adds a meta tag to set the referrer policy for you:

const meta = document.createElement('meta');
meta.name = 'referrer';
meta.content = 'unsafe-url';
document.getElementsByTagName('head')[0].appendChild(meta);

or simply add it to your custom HTML:

<meta name='referrer' content='unsafe-url'>

If you need referral information in Microsoft’s B2C login page that was being sent from your app before Chrome's update, then you'll need to add this tag to your site.

Edit: You may use no-referrer-when-downgrade to improve security; I've used unsafe-url because I'm doing this only in development.
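
What each policy value named in the question and answers actually sends, as an added example that is not part of the original posts: it follows the Referrer Policy rules for a navigation away from the shop. The shop and partner URLs are constructed, and the downgrade test is simplified to https versus non-https.

```javascript
// Added example: which Referer value each Referrer-Policy yields for one navigation.
// Simplification (assumption): "downgrade" is treated as https -> non-https only.
function stripUrl(url, originOnly) {
  const u = new URL(url);
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return null;
  u.username = '';
  u.password = '';
  u.hash = ''; // credentials and fragment are never sent
  return originOnly ? u.origin + '/' : u.href;
}

function computeReferrer(policy, from, to) {
  const full = stripUrl(from, false);
  if (full === null) return null;
  const origin = stripUrl(from, true);
  const src = new URL(from);
  const dst = new URL(to);
  const sameOrigin = src.origin === dst.origin;
  const downgrade = src.protocol === 'https:' && dst.protocol !== 'https:';
  switch (policy) {
    case 'no-referrer': return null;
    case 'unsafe-url': return full;
    case 'origin': return origin;
    case 'same-origin': return sameOrigin ? full : null;
    case 'origin-when-cross-origin': return sameOrigin ? full : origin;
    case 'strict-origin': return downgrade ? null : origin;
    case 'no-referrer-when-downgrade': return downgrade ? null : full;
    case 'strict-origin-when-cross-origin': // Chrome 85+ default
      return sameOrigin ? full : (downgrade ? null : origin);
    default: throw new Error('unknown policy: ' + policy);
  }
}

const POLICIES = ['strict-origin-when-cross-origin', 'no-referrer-when-downgrade', 'unsafe-url'];

// Constructed shop URL; the login host is the one named in the question.
const SHOP = 'https://shop.example/brands/acme/cart?tenant=acme#step2';
const LOGIN = 'https://missionb2c.b2clogin.com/';
const PLAIN = 'http://partner.example/landing'; // constructed, non-HTTPS target

function compare(to) {
  return Object.fromEntries(POLICIES.map(p => [p, computeReferrer(p, SHOP, to)]));
}

console.log('to login page:', compare(LOGIN));
console.log('to plain HTTP:', compare(PLAIN));
```

Under the new default the login page receives only the shop's origin, while unsafe-url also sends the full path and query string to the plain-HTTP target; no-referrer-when-downgrade sends the full URL to the HTTPS login page and nothing on a downgrade.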