Comment 4 for bug 1552409

Thomas Berezansky (tsbere) wrote :

Beyond the referring url not always being sent (your example seems to be an http page, and a lot of services don't have https landing pages) I also question the use of referring url for authentication in the first place. The number of security packages that look to ensure that they don't get set is fairly high.

Furthermore, the *way* you are directing people is, itself, easy enough to use for visitors without the ability to log in to "spoof" the referrer (as the final destination is readily available in the url, and referrer spoofing is fairly easy).

If we ignore authenticating via referring url as a problem itself then I would think the better way to handle this would be to store the actual destination URL in the server, either as a DB setting or apache config setting, rather than in the link to the redirector page.

A quick and easy way to "store" the redirection(s) (without checking anything beyond "you can log in") would be "create a new template file that does nothing but point you, with javascript and a link in case javascript is disabled, to the final destination page". Because new template files require authentication by default you need no new perl code to make it work.

Also, I just realized, you have talked about FF and Chrome, but what about IE and/or Safari?
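An illustration of the server-side approach this comment proposes, added here as an example (not code from the bug report or from the project it concerns): the destination-in-the-link pattern beside a redirector that keys an opaque name to a server-side table and gates on the session rather than the Referer. The table contents, the `to` parameter name and the session flag are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed server-side table standing in for the DB or apache setting the
# comment proposes. The link a visitor follows carries only the opaque key;
# the destination itself never appears in the URL.
REDIRECT_TABLE = {
    "catalog-db": "https://db.example.org/login",
    "journals": "https://journals.example.org/start",
}


def destination_from_link(request_url):
    """The pattern the comment argues against: the final destination rides
    in the link, so anyone who sees the link learns it and can alter it."""
    qs = parse_qs(urlsplit(request_url).query)
    return qs.get("url", [""])[0]


def resolve_redirect(request_url, session_valid, table=REDIRECT_TABLE):
    """Server-side lookup. Authentication is decided by the session, never
    by the Referer header, and unknown keys are refused rather than followed.
    Returns (status, location) for the HTTP response."""
    if not session_valid:
        return ("403 Forbidden", None)
    qs = parse_qs(urlsplit(request_url).query)
    key = qs.get("to", [""])[0]  # parameter name 'to' is an assumption
    dest = table.get(key)
    if dest is None:
        return ("404 Not Found", None)
    parts = urlsplit(dest)
    # Defence in depth: even a configured entry must be an absolute https
    # URL before anyone is sent there, so a bad config edit fails closed.
    if parts.scheme != "https" or not parts.netloc:
        return ("500 Internal Server Error", None)
    return ("302 Found", dest)
```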