Why does Firefox not always send the HTTP Origin header for POST requests?

Question

I\'m exploring the idea of HTTP Origin checks as CSRF protection for Drupal at https://www.drupal.org/node/1803712

Now I was testing how the Origin header arrives wi

Answer 1

Is isn't implemented yet. There's a discussion here: https://bugzilla.mozilla.org/show_bug.cgi?id=446344