I had enough of pinning posts resulting in a 405 in my Pale Moon (though the pin will still go through, it's just that you get the 405 and have to navigate back to the forum or homepage manually), so I went ahead and investigated.

Looking at devtools it seemed like I'm getting 302'd to the same pin url I POSTed, which explains the 405 because you're not supposed to GET that endpoint.

I tried with safe mode enabled and the 405 still appeared. So I tried with fresh profile and the 405 went away (i.e. the 302 is now pointing correctly to the forum page or homepage I'm from), which meant it's something within my about:config I modified, not with my add-ons. I looked at the troubleshooting information and the network.http.referer.spoofSource caught my attention. I deduced that Postmill might be depending on the referer my browser sends with the POST for the 302; I was correct when I flipped the pref back to false.

So beware of trying to spoof your Referer I guess

Comments

nitori OP wrote on August 24, 2024 at 1:31 PM

#20,600

u/emma I wonder if we actually need to use the browser's Referer for the (un)pin function. Wouldn't it be better if the user gets redirected to the forum's page always anyway so they can see clearly the effect of the pin?

emma wrote on August 24, 2024 at 2:54 PM

#20,605

Replying to nitori (#20,600)

i don't think that's desirable. this is one esoteric browser setting i'm not willing to make concessions for.