Comment 2 for bug 1552409

I am under the impression that referring URL from https is, in may cases, not possible to use for authentication. As such this would, in theory, not actually work to authenticate. Have you confirmed it actually functions in current browsers (as in, the http referrer actually gets set)?