A field is restricted through ACL based on the URL. The read ACL is written on the field. Within the ACL script, the target URL is fetched and depending on the URL, the script either returns 'true' or 'false'.
The ACL is working fine when redirected to a URL step by step, but when the URL is copy-pasted in a new browser window, the ACL is not working
As an example, from left navigation, go to the incident list and open a record. the affected field is not visible. Now, copy the same URL and paste it in a new browser window - the affected field is not visible. Ideally, it should appear.
The issue can be caused by the read ACL script if 'getHeader("referer")' is used.
As he Referer request-header contains the address of the previous web page from which a link to the currently requested, while copy-pasting the incident/record link in a new browser window, there will be no previous web page. Hence, the referer was returns null and the rest of the ACL script Fails.
To resolve this issue, please replace 'getHeader("referer")' with 'getRequestURL()'. It fetches the URL even when the URL is copied from a different browser window and pasted in a new window.
You may need to convert the URL fetched by using 'getRequestURL()' to a string.