Reporting graph (bar, line) reads only: Graphical report results

Zarko Dudic zarko.dudic at oracle.com
Sun Dec 25 04:43:18 UTC 2022


Just for the record, the status 403 (Forbidden) and message "Untrusted Referer Header" gives some clue why upgrade from 4.2 to 4.4 causes graph not to be created. 
There is no such message in the branch 4.2, but I've found it in the brunch 4.4, in this commit:

commit f31dbc9c2c868543dcc8904397c861881d59c45b
Author: Dylan William Hardison <dylan at hardison.net>
Date:   Fri Feb 16 11:29:47 2018 -0500
    Bug 1433400 (CVE-2018-5123) Prevent cross-site image requests from leaking contents of certain fields due to regex search
    
The code is:
+        if (!$is_safe_referer && !$is_safe_content_type) {
+            print $self->SUPER::header(-type => 'text/html',  -status => '403 Forbidden');
+            if ($content_type ne 'text/html') {
+                print "Untrusted Referer Header\n";





More information about the support-list mailing list