Re: HTTP REFERER not set in Internet Explorer

[Jonathan Angliss <jon () netdork net>]

Hello Saqib,

Wednesday, November 16, 2005, 10:16:33 AM, you wrote:

> Because of some security concerns I need the HTTP_REFERER to be set
> correctly. If it is not possible, I will have to restrict my users
> to a Mozilla based browser.

I wouldn't recommend relying on just the headers to do your securing.
They can easily be forged. There are at least two FireFox extensions
that allow you to tweak them, and talking to an http server over
telnet isn't that difficult, you can even precraft it in notepad.

You might find your issue is in the fact that the javascript url call
isn't making IE send the referrers, however if you use:

  <a href="yoururl.php">click here</a>

You will see the referrer headers just fine.

-- 
Jonathan Angliss
<jon () netdork net>

Attachment: _bin
Description: