GET /tasks/NNN with a Referer header


Sean Dowd <ssdowd@...>
 

First, thanks to Dmitry for documenting the API and to Dr Nic for
gogobosh. Both are immensely helpful.

I'm using gogobosh (and some raw POSTs) and hit this problem using
gogobosh's FetchVMsStatus. When I invoke FetchVMsStatus using gogobosh, it
calls GET /deployments/cf-warden/vms?format=full, which returns a redirect
to /tasks/NNN. gogobosh follows this redirect and includes a Referer
header. If this header is included, bosh returns a 403 (forbidden).

When I invoke the same call via curl without the Referer header, it works.

I modified gogobosh to remove the Referer header, but this seems a bit
extreme. Can anyone tell me why Referer triggers a 403?